Diadem Technologies Support Knowledgebase

Block brute force attack from Plesk firewall

Article ID: 1594
Last updated: 15 May, 2023

Block brute force attack from Plesk firewall

Issue: SMTP service has been receiving unauthorised brute force requests on the server

Update 1: Below logs have been found from the maillog on the server

May 15 12:13:44 host plesk_saslauthd[11425]: No such user '[email protected]' in mail authorization database
May 15 12:13:44 host plesk_saslauthd[11425]: failed mail authentication attempt for user '[email protected]' (password len=6)
May 15 12:13:44 host postfix/smtpd[10387]: warning: unknown[46.148.40.175]: SASL LOGIN authentication failed: authentication failure
May 15 12:18:09 host plesk_saslauthd[11996]: No such user '[email protected]' in mail authorization database
May 15 12:18:09 host plesk_saslauthd[11996]: failed mail authentication attempt for user '[email protected]' (password len=8)
May 15 12:18:09 host postfix/smtpd[11184]: warning: unknown[80.94.95.242]: SASL LOGIN authentication failed: authentication failure

Update 2: It is found from the log that the server was under brute-force attack from 46.148.40.0/2480.94.95.0/24 range of IP address.

Resolution:

Step 1: Install the Plesk firewall extension as per the below KB:

https://support.plesk.com/hc/en-us/articles/12377540171799-How-to-install-Plesk-Firewall

Step 2: Click on the Plesk firewall extension & then click on the "+" sign to create a custom Plesk firewall rule.

Step 3: Create a custom firewall rule with denying SMTP connection on port "25" from the brute force IP ranges as per the below screenshot.

   

This article was:  
Report an issue
Article ID: 1594
Last updated: 15 May, 2023
Revision: 4
Views: 187
Comments: 0
Tags