Anyone else get a ton of Multiple SASL authentication failures since the last ASL update ?
Rules HIDs : 3357-3358-3359-3360
Multiple SASL authentication failures.
- mikeshinn
- Atomicorp Staff - Site Admin
- Posts: 4149
- Joined: Thu Feb 07, 2008 7:49 pm
- Location: Chantilly, VA
Re: Multiple SASL authentication failures.
Can you send us your alerts.log file? /var/ossec/logs/alerts/alerts.log
Michael Shinn
Atomicorp - Security For Everyone
Atomicorp - Security For Everyone
Re: Multiple SASL authentication failures.
Sorry for the waiting, we were investigating this issue.
Every "false" positive we got are from Outlook 2007; postfix/smtpd[3349]: warning: CUSTOMER-IP: SASL DIGEST-MD5 authentication failed: authentication failure
So we asked each of our customer who's using Outlook 2007 to modify their SMTP address from our server name to their domain name.
We got the idea to test that from this old post : https://talk.plesk.com/threads/outlook- ... sue.70571/
Long story short, Plesk issue, not ASL.
Every "false" positive we got are from Outlook 2007; postfix/smtpd[3349]: warning: CUSTOMER-IP: SASL DIGEST-MD5 authentication failed: authentication failure
So we asked each of our customer who's using Outlook 2007 to modify their SMTP address from our server name to their domain name.
We got the idea to test that from this old post : https://talk.plesk.com/threads/outlook- ... sue.70571/
Long story short, Plesk issue, not ASL.