Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 7 replies
  • Subscribers 1 subscriber
  • Views 7678 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

[9.107-33] SMTP -failed logins

wingman
Hi All

Lately I am getting a lot of "too many login failed" messages such the one attached. I am trying to find why this is happening. I have enabled the blocking mechanism as per Definitions & Users>Authentication Servers>Advanced so when there is a failed login message I will get notified. However relaying is only allowed  for specific users (email protection>smtp>relaying) and I am allowing only internal network 

The ip as per attached notification are random(to name a few):
174.79.39.4
85.52.224.140
78.98.72.175 

As I don't have an open relay I am not sure why this is happening

Thanks


This thread was automatically locked due to age.
Parents
  • 0
    Apparently, allowing SMTP relay by authentication cannot be restricted to specific subnets.  That would appear to be a feature request. At present, it's probably best to disable the notification. If not, and you wanted to allow relay only from your LAN(s) and VPNs, you could make a black hole DNAT for 'Internet -> SMTP -> {External (Address) objects}'.

    Cheers - Bob

    Sorry for any short responses.  Posted from my iPhone.
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • 0
    Apparently, allowing SMTP relay by authentication cannot be restricted to specific subnets.  That would appear to be a feature request. At present, it's probably best to disable the notification. If not, and you wanted to allow relay only from your LAN(s) and VPNs, you could make a black hole DNAT for 'Internet -> SMTP -> {External (Address) objects}'.

    Cheers - Bob

    Sorry for any short responses.  Posted from my iPhone.
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
No Data
Unfiltered HTML