This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Too many failed logins from %UNKNOWNIP% for facility smtp. [WARN-070] messages every day

Hi folks!

i have a problem with our Sophos version 9.5 .

Recently we get many messages about failed logins to smtp facility (See subject line).

It says that some ip tried to login to the smtp server and gets blocked for our defined 3600 seconds.

Curiously we've not defined any foreign networks to be able to login to our sophos nor did we define any unknown users to do so. So where does this come from and how can we solve it?



This thread was automatically locked due to age.
Parents
  • My first guess would be that someone is trying to use the Sophos as a relay. Have a look at Email Protection, SMTP, Relaying that allowed hosts are listed under host-based relaying. I would expect the Sophos to simply drop all connections from other hosts that try to relay.

    However, I guess someone with more knowledge will help you out. :)

Reply
  • My first guess would be that someone is trying to use the Sophos as a relay. Have a look at Email Protection, SMTP, Relaying that allowed hosts are listed under host-based relaying. I would expect the Sophos to simply drop all connections from other hosts that try to relay.

    However, I guess someone with more knowledge will help you out. :)

Children
No Data