Hello
I'm looking for a solution that allows me to actively block external SMTP connections from "bad" IPs which are trying to use authentication as per the following log
Yes, this is an option in my mind. I am in discussion with the customer about this setting.
The maintenance of the "bad" IPs in the source is a big obstacle here. Then "Block Password Guessing" is a better option.
On the other side we see a complete /24 network of "bad" IP requesters which looks like an automated process to "test" the SMTP authentication. So "Block Password Guessing" is not the right thing here. If I block 1 IP for 15 minutes, there are a lot of other requests. So we block the /24 network with the DNAT rule.
"Block Password Guessing" is an additional option, I think.
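The situation described in the post above, where per-IP blocking misses attempts spread across a whole /24, as an added example that is not part of the original thread: it groups failed SMTP AUTH sources by /24 to show which networks a per-IP counter would miss. The thresholds and all sample addresses are constructed assumptions; real input would be the source IPs taken from the failed-authentication log entries.

```python
"""Group failed SMTP AUTH sources by /24 to spot distributed guessing."""
import ipaddress
from collections import defaultdict

# Assumed thresholds for illustration, not product defaults.
PER_IP_LIMIT = 3       # failures from one IP before a per-IP block fires
NET_MIN_HOSTS = 5      # distinct failing hosts in one /24 before flagging it
NET_MIN_FAILURES = 10  # total failures in that /24 before flagging it


def sample_events():
    """Constructed sample: one list entry per failed AUTH attempt."""
    events = []
    # 20 hosts in one /24, 2 attempts each: every host stays under PER_IP_LIMIT
    for host in range(10, 30):
        events += [f"203.0.113.{host}"] * 2
    events += ["198.51.100.7"] * 8  # single host hammering the proxy
    events += ["192.0.2.44"]        # one mistyped password, legitimate user
    return events


def per_ip_blocks(events, limit=PER_IP_LIMIT):
    """IPs that a per-IP failure counter would block."""
    counts = defaultdict(int)
    for ip in events:
        counts[ip] += 1
    return sorted(ip for ip, n in counts.items() if n >= limit)


def distributed_networks(events, prefix=24,
                         min_hosts=NET_MIN_HOSTS,
                         min_failures=NET_MIN_FAILURES):
    """Networks where many distinct hosts each fail only a few times."""
    hosts = defaultdict(set)
    failures = defaultdict(int)
    for ip in events:
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        hosts[net].add(ip)
        failures[net] += 1
    return sorted(str(n) for n in hosts
                  if len(hosts[n]) >= min_hosts and failures[n] >= min_failures)


if __name__ == "__main__":
    ev = sample_events()
    print("per-IP blocks:       ", per_ip_blocks(ev))
    print("candidate /24 blocks:", distributed_networks(ev))
```

Requiring both a minimum number of distinct hosts and a minimum failure count keeps a single noisy host or one mistyped password from flagging an entire network.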
Hallo Michael and welcome to the UTM Community!
In general, guys, I prefer to NOT use the SMTP Proxy to authenticate traffic from the Internet. Instead, use the mail server's authentication capability. Michael, your approach, including blocking password guessing, is one I like to use if the client just can't go without using UTM SMTP Proxy authentication.
Cheers - Bob
Hello BAlfson,
Yes, it is not the smartest way to do this with SMTP auth, but it works for the customer in production and a better solution is not so easy to build here. So we do prevention.
Regards,
Michael
P.S. BAlfson: You have done a nice job here for years, thank you.
Michael