Multiple SASL authentication failures.

Posted: Wed Feb 01, 2017 10:43 am
by heiny
Anyone else get a ton of Multiple SASL authentication failures since the last ASL update?

Rules HIDs : 3357-3358-3359-3360

Re: Multiple SASL authentication failures.

Posted: Wed Feb 01, 2017 8:23 pm
by mikeshinn
Can you send us your alerts.log file? /var/ossec/logs/alerts/alerts.log

Re: Multiple SASL authentication failures.

Posted: Thu Feb 23, 2017 11:24 am
by heiny
Sorry for the wait, we were investigating this issue.

Every "false" positive we got is from Outlook 2007: postfix/smtpd[3349]: warning: CUSTOMER-IP: SASL DIGEST-MD5 authentication failed: authentication failure

So we asked each of our customers who is using Outlook 2007 to modify their SMTP address from our server name to their domain name.

We got the idea to test that from this old post: https://talk.plesk.com/threads/outlook- ... sue.70571/

Long story short, Plesk issue, not ASL.