Constant ‘failed mail authenticatication’ entries are logged in mail log in Plesk server

1. Install Fail2Ban according to the article How to install fail2ban on Plesk for Linux.

2. Log into Plesk;

3. Go to Tools & Settings > IP Address Banning (Fail2Ban);

4. Mark the Enable intrusion detection checkbox and specify the following settings:

   • IP address ban period – the time interval in seconds for which an IP address is banned. When this period is over, the IP address is automatically unbanned.

   • Time interval for detection of subsequent attacks - the time interval in seconds during which the system counts the number of unsuccessful login attempts and other unwanted actions from an IP address.

   • Number of failures before the IP address is banned – the number of failed login attempts from the IP address.

5. Activate Fail2Ban service by clicking the Apply button.

6. Go to Jails tab.

7. Mark plesk-dovecot, plesk-horde, plesk-roundcube, plesk-postfix and recidive jails and press the Switch On button to turn the selected jails on.

To prevent brute force attack, install a tool like Fail2ban, once Fail2ban is only available to Linux systems, for example, ts_block.

In order to verify whether or not the server is vulnerable to this threat, check the following article:

How to test if a server is secured from abuse (Open Relay Test)

Additionally, to limit brute force attempts, configure MailEnable to block abuser IP:

1. Connect to the server via RDP;

2. Go to Windows > MailEnableAdmin > Connection dropping > Server > Services and Connector > right-click on SMTP > Properties > Security tab: