Reply to this topicStart new topicStart Poll

> Blocking Ip After Smtp-maxerrors Reached, How to block an IP for a specific time?
guru meditation
Posted: Oct 21 2009, 03:22 PM
Quote Post


Newbie
*

Group: Members
Posts: 11
Member No.: 3020
Joined: 21-September 08



I looked through the recent logfiles and see that, despite grey- and blacklisting (spamhaus) there are servers that try to send mails to dozens of non-existent email addresses. Even when the limit set in SMTP-MaxErrors (right now 4) is reached, they immediately reconnect and continue their stupid trial and error.

Is there any way to blacklist these servers for some time, say 30 seconds and refuse further connections from these IP addresses? Can this be implemented in a way that XMail doesn't even accept connections? Because filters can only react when the connection is already established again.

The problem for a script would be that it does not know whether XMail dropped the connection due to the maximum errors set in SMTP-MaxErrors.
PMEmail Poster
Top
yartax
Posted: Oct 19 2011, 08:47 AM
Quote Post


Junior Member
**

Group: Members
Posts: 30
Member No.: 1815
Joined: 14-November 05



Hi

This feature is in my interest too. every day I got thousands of connections trying to break emails accounts. My router often display many connections at a regular interval (says 30 tries per minute more or les) trying to break password.

Is there any manner to block the incoming IP request to smtp/pop after many unsuccessful retries with wrong accound/password?

Regards
Julian
PMEmail Poster
Top
Digdug
Posted: Dec 14 2011, 06:29 PM
Quote Post


Member
***

Group: Members
Posts: 92
Member No.: 1456
Joined: 10-January 05



You could use a IDS firewall with Snort. It will also block POP3 brute force attempts.
PMEmail Poster
Top
0 User(s) are reading this topic (0 Guests and 0 Anonymous Users)
0 Members:
« Next Oldest | XMail Server | Next Newest »

Reply to this topicStart new topicStart Poll