Hi guys,
I am failing to find an effective way to blacklist of IP addresses that are generating reoccurring SMTP attacks (Brute force password guessing).
Sophos is used as a Relay host for Exchange.
Please note that I do not want to create deny rules in the firewall and make a complete mess.
I have blacklisted the IP address into:
Email Protection > SMTP > Relaying Tab > Host/Network Blacklist
however though this seems to not be having any effect as the same IP address are generating more attacks.
Sophos blocks them for 600 sec after to many passwords guessing but that is just not enough.
Is there any way I can maintain IP blacklist on the WAN interface without messing up with IP Tables?
This thread was automatically locked due to age.
