[SOLVED] Where are the Failed logins?

ukro

Greetings,
I had these logs on my mail server before I added PMG:

Code:
[24/Sep/2021 20:33:47] Failed SMTP login from 2.56.59.87 with SASL method DIGEST-MD5.
[24/Sep/2021 20:34:17] Failed SMTP login from 45.144.225.205 with SASL method CRAM-MD5.
[24/Sep/2021 20:34:20] Failed SMTP login from 45.144.225.205 with SASL method DIGEST-MD5.
[24/Sep/2021 20:34:37] Failed SMTP login from 45.144.225.206 with SASL method CRAM-MD5.
[24/Sep/2021 20:34:40] Failed SMTP login from 45.144.225.206 with SASL method DIGEST-MD5.
[24/Sep/2021 20:35:39] Failed SMTP login from 2.56.59.40 with SASL method CRAM-MD5.
[24/Sep/2021 20:35:42] Failed SMTP login from 2.56.59.40 with SASL method DIGEST-MD5.
[24/Sep/2021 20:36:14] Failed SMTP login from 136.144.41.70 with SASL method CRAM-MD5.
[24/Sep/2021 20:36:17] Failed SMTP login from 136.144.41.70 with SASL method DIGEST-MD5.
[24/Sep/2021 20:37:13] Failed SMTP login from 31.210.20.54 with SASL method CRAM-MD5.
[24/Sep/2021 20:37:17] Failed SMTP login from 31.210.20.54 with SASL method DIGEST-MD5.
[24/Sep/2021 20:37:37] Failed SMTP login from 37.0.10.49 with SASL method CRAM-MD5.
[24/Sep/2021 20:37:40] Failed SMTP login from 37.0.10.49 with SASL method DIGEST-MD5.
[24/Sep/2021 20:38:33] Failed SMTP login from 37.0.8.132 with SASL method CRAM-MD5.
[24/Sep/2021 20:38:36] Failed SMTP login from 37.0.8.132 with SASL method DIGEST-MD5.
[24/Sep/2021 20:41:35] SMTP: Invalid password for user xxxx@xxxxx. Attempt from IP address 156.96.157.102.
[24/Sep/2021 20:41:35] Account lockout - user xxxx@xxxx will be blocked for connections from IP address 156.96.157.102 for 1440 minutes: too many failed logins from this IP address
[24/Sep/2021 20:46:10] Failed SMTP login from 45.133.1.50 with SASL method CRAM-MD5.
[24/Sep/2021 20:46:13] Failed SMTP login from 45.133.1.50 with SASL method DIGEST-MD5.
[24/Sep/2021 20:47:31] SMTP Spam attack detected from 77.247.110.249, client closed connection before SMTP greeting
[24/Sep/2021 20:48:57] Failed SMTP login from 136.144.41.87 with SASL method CRAM-MD5.
[24/Sep/2021 20:49:00] Failed SMTP login from 136.144.41.87 with SASL method DIGEST-MD5.
[24/Sep/2021 20:53:14] Failed SMTP login from 45.144.225.204 with SASL method CRAM-MD5.
[24/Sep/2021 20:53:17] Failed SMTP login from 45.144.225.204 with SASL method DIGEST-MD5.

Now it's crystal clear, no further logs like this after adding PMG.
What happened? Is PMG on port 25 not allowing these to pass to my mail server?
 
Nvm, it started again, so I guess the logs are wrong and it's not SMTP 25, it's secure SMTP.
Code:
[24/Sep/2021 22:02:18] SMTP: Invalid password for user xxxxx. Attempt from IP address 156.96.157.102.
[24/Sep/2021 22:02:18] Account lockout - user xxxxx will be blocked for connections from IP address 156.96.157.102 for 1440 minutes: too many failed logins from this IP address
[24/Sep/2021 22:02:31] Failed SMTP login from 156.96.157.102 with SASL method LOGIN.
 
[24/Sep/2021 20:33:47] Failed SMTP login from 2.56.59.87 with SASL method DIGEST-MD5.
This looks like someone tried to authenticate to your SMTP server (with SASL authentication). PMG does not offer SMTPAUTH, so it's just not possible to authenticate to PMG, and PMG is not a 'transparent proxy' in the sense that it passes all SMTP commands to your downstream server:
it accepts mail (unless the mail is blocked by your rules) and then starts an SMTP session of its own with your downstream server to pass the mail along.

So I'm not quite sure what the issue for you here is?
 
I am sorry, that was not port 25 but secure SMTP. So it's fine.
PMG does not offer SMTPAUTH, this is awesome news!! Thank you very much! <3
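
For triaging log lines like the ones posted in this thread, the following added example (not part of any post above, and not code from the mail server or PMG) parses the failed-authentication entries and groups them by source network. The function names and the /24 grouping are assumptions made for the illustration.

```python
import re
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_network

# Lines copied from the log excerpts posted in this thread.
SAMPLE_LOG = """\
[24/Sep/2021 20:34:17] Failed SMTP login from 45.144.225.205 with SASL method CRAM-MD5.
[24/Sep/2021 20:34:20] Failed SMTP login from 45.144.225.205 with SASL method DIGEST-MD5.
[24/Sep/2021 20:34:37] Failed SMTP login from 45.144.225.206 with SASL method CRAM-MD5.
[24/Sep/2021 20:34:40] Failed SMTP login from 45.144.225.206 with SASL method DIGEST-MD5.
[24/Sep/2021 20:35:39] Failed SMTP login from 2.56.59.40 with SASL method CRAM-MD5.
[24/Sep/2021 20:41:35] SMTP: Invalid password for user xxxx@xxxxx. Attempt from IP address 156.96.157.102.
[24/Sep/2021 20:47:31] SMTP Spam attack detected from 77.247.110.249, client closed connection before SMTP greeting
[24/Sep/2021 22:02:31] Failed SMTP login from 156.96.157.102 with SASL method LOGIN.
"""

TS = r"\[(?P<ts>\d{2}/\w{3}/\d{4} \d{2}:\d{2}:\d{2})\] "
FAILED = re.compile(TS + r"Failed SMTP login from (?P<ip>[\d.]+) with SASL method (?P<method>[\w-]+)\.")
BAD_PW = re.compile(TS + r"SMTP: Invalid password for user \S+ Attempt from IP address (?P<ip>[\d.]+)\.")

def parse(log_text):
    """Yield (timestamp, ip, detail) for every failed-authentication line."""
    for line in log_text.splitlines():
        m = FAILED.match(line) or BAD_PW.match(line)
        if m is None:
            continue  # lockout notices and "spam attack" lines are not counted
        ts = datetime.strptime(m["ts"], "%d/%b/%Y %H:%M:%S")
        yield ts, m["ip"], m.groupdict().get("method", "invalid-password")

def summarize(log_text, prefix=24):
    """Group failures by source network (default /24, an assumed granularity)."""
    nets = defaultdict(lambda: {"ips": set(), "methods": set(), "count": 0, "first": None, "last": None})
    for ts, ip, detail in parse(log_text):
        e = nets[str(ip_network(f"{ip}/{prefix}", strict=False))]
        e["ips"].add(ip)
        e["methods"].add(detail)
        e["count"] += 1
        e["first"] = min(e["first"] or ts, ts)
        e["last"] = max(e["last"] or ts, ts)
    return dict(nets)

if __name__ == "__main__":
    for net, e in sorted(summarize(SAMPLE_LOG).items(), key=lambda kv: -kv[1]["count"]):
        print(f"{net:18} failures={e['count']} hosts={len(e['ips'])} "
              f"methods={','.join(sorted(e['methods']))} {e['first']:%H:%M:%S}-{e['last']:%H:%M:%S}")
```
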
 
