Add IP Address and "non-existent mailbox" to plesk_saslauthd Authentication Logs
In the "maillog" program logs, which contain "server plesk_saslauthd" entries, the IP addresses are not recorded. During brute force attacks from multiple IPs, there are failed login attempts to non-existent mailboxes. While these attacks don't pose a direct threat, they consume server resources and could become dangerous if they target existing mailboxes.
I request that IP addresses be added to the "server plesk_saslauthd" logs, along with information about non-existent mailboxes, to improve filtering through fail2ban.
Current log:
Sep 20 08:14:00 server plesk_saslauthd[117757]: failed mail authentication attempt for user 'example@domain.com' (password len=14)
Suggested log:
Sep 20 08:14:00 server plesk_saslauthd[117757]: failed mail authentication attempt for non-existent mailbox 'example@domain.com' (password len=14) from [<IP>]
Marek
shared this idea
Thank you for your input! We will consider this functionality in upcoming releases if it becomes popular.
Everyone, please continue voting for this feature if you consider it important.
-- SH