
Auto ban/block IP addresses that attempt SMTP auth

I have UTM as a spam/virus filter in front of my email server.

Inbound SMTP (port 25) is only ever going to be "anonymous" SMTP delivering to my email server, or relaying from static IP addresses.

I frequently see authentication fails along the lines of 

server_login authenticator failed for (USER) [145.249.107.135]:37894: 535 Incorrect authentication data (set_id=username@domain.com)

As I do not allow authenticated SMTP inbound, is there a method of auto banning or blocking IP addresses that attempt to authenticate on SMTP?



  • "Automaticly"

    Using the same number of attempts in the same time period that I want to use for the user portal, which needs to cope with users that change their AD password, and then attempt to log on with their browser-stored credentials...

    As I originally said, "auto banning or blocking IP addresses that attempt to authenticate"

  • The only way that you could have people attempting an SMTP logon would be if you selected 'Allow authenticated relaying' on the 'Relaying' tab.

    What do you mean by "relaying from static IP addresses" - is this relaying from upstream hosts, or individuals with fixed IPs that are allowed to authenticate against the SMTP Proxy?

    Please compare your configuration to Basic Exchange setup with SMTP Proxy.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
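
The detection half of the question, as an added example that is not part of the original thread: a sliding-window count of failed SMTP AUTH attempts per source IP, over log lines in the format quoted in the question. The timestamp prefix, the thresholds, the allow list and the sample lines are assumptions constructed for illustration; the thread names no blocking mechanism, so the output is only a list of candidate addresses.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Failure line as quoted in the question. The leading timestamp layout
# (YYYY:MM:DD-HH:MM:SS) is an assumption about the log prefix.
FAIL_RE = re.compile(
    r"^(?P<ts>\d{4}:\d{2}:\d{2}-\d{2}:\d{2}:\d{2}) .*?"
    r"authenticator failed for .*?\[(?P<ip>[0-9a-fA-F.:]+)\]:\d+: 535 "
)

def find_offenders(lines, max_failures=3, window=timedelta(minutes=10), allow=()):
    """Map each IP to the time it first hit max_failures inside the window."""
    recent = defaultdict(deque)  # ip -> failure times still inside the window
    offenders = {}
    for line in lines:
        m = FAIL_RE.search(line)
        if not m or m["ip"] in allow:  # skip other lines and known relays
            continue
        ts = datetime.strptime(m["ts"], "%Y:%m:%d-%H:%M:%S")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:  # expire failures older than the window
            q.popleft()
        if len(q) >= max_failures:
            offenders.setdefault(m["ip"], ts)
    return offenders

TAIL = ": 535 Incorrect authentication data (set_id=user@example.com)"
# Constructed sample: (time, source IP) pairs rendered into log lines.
EVENTS = [
    ("10:00:01", "203.0.113.7"), ("10:00:20", "203.0.113.7"),
    ("10:00:30", "198.51.100.20"),   # slow, spread-out failures
    ("10:01:05", "203.0.113.7"),     # third failure in about a minute
    ("10:02:00", "192.0.2.10"), ("10:02:01", "192.0.2.10"),
    ("10:02:02", "192.0.2.10"),      # allow-listed static relay
    ("10:20:00", "198.51.100.20"), ("10:45:00", "198.51.100.20"),
]
SAMPLE = [
    f"2024:01:15-{t} server_login authenticator failed for (USER) [{ip}]:37894{TAIL}"
    for t, ip in EVENTS
] + ["2024:01:15-10:03:00 message accepted for delivery"]  # non-matching line

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE, allow={"192.0.2.10"}).items():
        print(f"{ip} reached the threshold at {when:%H:%M:%S}")
```

Because inbound authentication is never legitimate in the setup described, `max_failures=1` is a reasonable setting there; the window only matters when the same threshold also has to tolerate users retrying a stale password.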