Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » Failed POP3 login with SASL method DIGEST-MD5
  •  
eXtremer

Messages: 59
Karma: 0
Send a private message to this user
I'm getting errors in my security log. The client uses MS Outlook 2010. Why do I get those messages? And how to solve this issue? Thank you.

Kerio version: 8.3.1 (2843)

18/Jul/2014 09:43:14] Failed POP3 login from 188.22X.XXX.XX with SASL method DIGEST-MD5.
[18/Jul/2014 09:45:19] Failed POP3 login from 188.22X.XXX.XX with SASL method DIGEST-MD5.
[18/Jul/2014 09:47:25] Failed POP3 login from 188.22X.XXX.XX with SASL method DIGEST-MD5.
[18/Jul/2014 09:49:32] Failed POP3 login from 188.22X.XXX.XX with SASL method DIGEST-MD5.
[18/Jul/2014 09:51:36] Failed POP3 login from 188.22X.XXX.XX with SASL method DIGEST-MD5.
[18/Jul/2014 09:53:41] Failed POP3 login from 188.22X.XXX.XX with SASL method DIGEST-MD5.
[18/Jul/2014 09:55:46] Failed POP3 login from 188.22X.XXX.XX with SASL method DIGEST-MD5.
[18/Jul/2014 09:57:51] Failed POP3 login from 188.22X.XXX.XX with SASL method DIGEST-MD5.
[18/Jul/2014 09:59:56] Failed POP3 login from 188.22X.XXX.XX with SASL method DIGEST-MD5.
[18/Jul/2014 10:02:01] Failed POP3 login from 188.22X.XXX.XX with SASL method DIGEST-MD5.
[18/Jul/2014 10:04:06] Failed POP3 login from 188.22X.XXX.XX with SASL method DIGEST-MD5.
[18/Jul/2014 10:06:12] Failed POP3 login from 188.22X.XXX.XX with SASL method DIGEST-MD5.
[18/Jul/2014 10:08:18] Failed POP3 login from 188.22X.XXX.XX with SASL method DIGEST-MD5.
[18/Jul/2014 10:10:24] Failed POP3 login from 188.22X.XXX.XX with SASL method DIGEST-MD5.
[18/Jul/2014 10:12:35] Failed POP3 login from 188.22X.XXX.XX with SASL method DIGEST-MD5.
[18/Jul/2014 10:14:40] Failed POP3 login from 188.22X.XXX.XX with SASL method DIGEST-MD5.
[18/Jul/2014 10:16:44] Failed POP3 login from 188.22X.XXX.XX with SASL method DIGEST-MD5.
[18/Jul/2014 10:18:49] Failed POP3 login from 188.22X.XXX.XX with SASL method DIGEST-MD5.
[18/Jul/2014 10:20:57] Failed POP3 login from 188.22X.XXX.XX with SASL method DIGEST-MD5.
[18/Jul/2014 10:23:02] Failed POP3 login from 188.22X.XXX.XX with SASL method DIGEST-MD5.
[18/Jul/2014 10:25:06] Failed POP3 login from 188.22X.XXX.XX with SASL method DIGEST-MD5.
[18/Jul/2014 10:27:11] Failed POP3 login from 188.22X.XXX.XX with SASL method DIGEST-MD5.
[18/Jul/2014 10:29:17] Failed POP3 login from 188.22X.XXX.XX with SASL method DIGEST-MD5.
[18/Jul/2014 10:31:23] Failed POP3 login from 188.22X.XXX.XX with SASL method DIGEST-MD5.
[18/Jul/2014 10:33:35] Failed POP3 login from 188.22X.XXX.XX with SASL method DIGEST-MD5.
[18/Jul/2014 10:35:40] Failed POP3 login from 188.22X.XXX.XX with SASL method DIGEST-MD5.
  •  
freakinvibe

Messages: 1540
Karma: 62
Send a private message to this user
Is 188.22X.XXX.XX an IP address from your company range or do you know it?

If not, it looks like a bot is trying to guess passwords.

In the Admin console, under security policy, check the box

"Block IP addresses suspicious of password guessing attacks"

Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
  •  
Pavel Dobry (Kerio)

Messages: 5245
Karma: 251
Send a private message to this user
This is a known issue in Outlook. It ignores the order of authentication methods provided by the server. To stop this, disable DIGEST-MD5 authentication method in Kerio Connect administration.
  •  
eXtremer

Messages: 59
Karma: 0
Send a private message to this user
freakinvibe wrote on Fri, 18 July 2014 10:41
Is 188.22X.XXX.XX an IP address from your company range or do you know it?

If not, it looks like a bot is trying to guess passwords.

In the Admin console, under security policy, check the box

"Block IP addresses suspicious of password guessing attacks"


Yes, the IP is used by our clients, no bots.

Pavel Dobry (Kerio) wrote on Fri, 18 July 2014 10:44
This is a known issue in Outlook. It ignores the order of authentication methods provided by the server. To stop this, disable DIGEST-MD5 authentication method in Kerio Connect administration.


I understand, thank you.
  •  
eXtremer

Messages: 59
Karma: 0
Send a private message to this user
Back to my question.
Ok, if I disable DIGEST-MD5 in Kerio, then I cannot connect at all to the Mail Server, so disabling this authentication method is not a solution!
MS Outlook 2010

Task 'user<_at_>domain.com' - Sending' reported error (0x800CCC80) : 'None of the authentication methods supported by this client are supported by your server.'

[Updated on: Fri, 25 July 2014 11:42]

  •  
freakinvibe

Messages: 1540
Karma: 62
Send a private message to this user
Try leaving all the authentication methods ticked except for NTLM.

Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
Previous Topic: Any idea why Kerio log error even they are successful logins?
Next Topic: Failed POP3 login from
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Tue Oct 17 01:59:25 CEST 2017

Total time taken to generate the page: 0.00481 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.