Hello,
We want to control malicious user activity (sending mails by authenticating remotely), and we have a static IP on our office LAN.
I tried SMTP -> Properties -> Inbound -> IP control restrictions -> denied all except, but by doing this all our incoming mails from other mail servers also got blocked (like someone sending from Gmail, Yahoo, etc.).
I just want the outgoing mails to be restricted. Is there any option for that, so only our users from a particular IP can connect with MailEnable and all others will be denied access?
Warm regards
How to block users so only our ip and webmail can be used for authentication for mail sending
- Site Admin
Re: How to block users so only our ip and webmail can be used for authentication for mail sending
Hi,
Just to clarify, you're trying to restrict SMTP relaying so that only privileged IP addresses are granted relay rights to send outbound emails?
For the above option to be effective you would need to have a firewall or spam gateway in place, where the gateway filters the inbound emails and then forwards them to the MailEnable server. You can then set the option to only allow inbound access from the gateway and deny everything else. You would also need to change your MX records to point to the gateway though.
Regards,
Ian Margarone
MailEnable Support
Re: How to block users so only our ip and webmail can be used for authentication for mail sending
Yes, basically we want to allow only users authenticating from Outlook and webmail (with only privileged IPs). I am not sure how to use a gateway setup, can you guide me a bit more? We are under brute force from random IPs and sick and tired at this point; if we can even restrict users' clients to Outlook it would be a big help.
I also want to know if any version of webmail provides two-factor auth to mitigate attackers, so if some user connects from any other client they get an OTP or secure link to whitelist the system before use?
regards
Re: How to block users so only our ip and webmail can be used for authentication for mail sending
Maybe I was not clear in my description; here are the sample SMTP logs of brute force on our mail server:
From what I understand, someone is using proxy IPs to randomize location and doing a brute force on our server, and in the past month they became successful too and sent so many spam mails that our server went onto a spam abuse list.
So what I simply want is, when a user is sending an EHLO/AUTH request to connect with the mail server, we only allow privileged IPs so unknown users cannot connect and send outbound spam. If MailEnable has this functionality please tell me how to add restrictions, or if there is documentation I am ready to implement my own extension logic [I know C# very well].
Code:
10/21/20 00:00:03 SMTP-IN DCD1960053004A1CA76EEDD807773705.MAI 1456 150.107.120.36 QUIT QUIT 221 Service closing transmission channel 42 6
10/21/20 00:00:06 SMTP-IN 2989DCC9AF6A47BE820AD72E181DBCAA.MAI 1724 114.143.37.59 220 mail.jajoogroup.com ESMTP MailEnable Service, Version: 10.25-- ready at 10/21/20 00:00:06 95 0
10/21/20 00:00:06 SMTP-IN 2989DCC9AF6A47BE820AD72E181DBCAA.MAI 1724 114.143.37.59 EHLO EHLO [114.143.37.59] 250-jajoogroup.com [114.143.37.59], this server offers 5 extensions 239 22
10/21/20 00:00:07 SMTP-IN 2989DCC9AF6A47BE820AD72E181DBCAA.MAI 1724 114.143.37.59 STARTTLS 24 10
10/21/20 00:00:07 SMTP-IN 2989DCC9AF6A47BE820AD72E181DBCAA.MAI 1724 114.143.37.59 STARTTLS STARTTLS 24 10
10/21/20 00:00:08 SMTP-IN 2989DCC9AF6A47BE820AD72E181DBCAA.MAI 1724 114.143.37.59 EHLO EHLO [114.143.37.59] 250-jajoogroup.com [114.143.37.59], this server offers 4 extensions 130 22
10/21/20 00:00:08 SMTP-IN 2989DCC9AF6A47BE820AD72E181DBCAA.MAI 1724 114.143.37.59 AUTH AUTH LOGIN 334 VXNlcm5hbWU6 18 12
10/21/20 00:00:08 SMTP-IN 2989DCC9AF6A47BE820AD72E181DBCAA.MAI 1724 114.143.37.59 AUTH {blank} 334 UGFzc3dvcmQ6 18 46 *************@ourservermail.com
10/21/20 00:00:09 SMTP-IN 2989DCC9AF6A47BE820AD72E181DBCAA.MAI 1724 114.143.37.59 AUTH IWpham9vZ3JvdXBAMTIzI2phaXB1cg== 535 Invalid Username or Password 34 34 *************@ourservermail.com
10/21/20 00:00:09 SMTP-IN 2989DCC9AF6A47BE820AD72E181DBCAA.MAI 1724 114.143.37.59 QUIT QUIT 221 Service closing TLS SSL transmission session 50 6 *************@ourservermail.com
10/21/20 00:00:50 SMTP-IN ABDEDB6E4A2B467CB79234514DE5308E.MAI 1748 109.165.234.82 220 mail.jajoogroup.com ESMTP MailEnable Service, Version: 10.25-- ready at 10/21/20 00:00:50 95 0
10/21/20 00:00:50 SMTP-IN ABDEDB6E4A2B467CB79234514DE5308E.MAI 1748 109.165.234.82 EHLO EHLO [109.165.234.82] 250-jajoogroup.com [109.165.234.82], this server offers 5 extensions 240 23
10/21/20 00:00:51 SMTP-IN ABDEDB6E4A2B467CB79234514DE5308E.MAI 1748 109.165.234.82 STARTTLS 24 10
10/21/20 00:00:51 SMTP-IN ABDEDB6E4A2B467CB79234514DE5308E.MAI 1748 109.165.234.82 STARTTLS STARTTLS 24 10
10/21/20 00:00:51 SMTP-IN ABDEDB6E4A2B467CB79234514DE5308E.MAI 1748 109.165.234.82 EHLO EHLO [109.165.234.82] 250-jajoogroup.com [109.165.234.82], this server offers 4 extensions 131 23
10/21/20 00:00:51 SMTP-IN ABDEDB6E4A2B467CB79234514DE5308E.MAI 1748 109.165.234.82 AUTH AUTH LOGIN 334 VXNlcm5hbWU6 18 12
10/21/20 00:00:51 SMTP-IN ABDEDB6E4A2B467CB79234514DE5308E.MAI 1748 109.165.234.82 AUTH {blank} 334 UGFzc3dvcmQ6 18 46 *************@ourservermail.com
10/21/20 00:00:52 SMTP-IN ABDEDB6E4A2B467CB79234514DE5308E.MAI 1748 109.165.234.82 AUTH IWpham9vZ3JvdXBAMTIzI2phaXB1cg== 535 Invalid Username or Password 34 34 *************@ourservermail.com
10/21/20 00:00:52 SMTP-IN ABDEDB6E4A2B467CB79234514DE5308E.MAI 1748 109.165.234.82 QUIT QUIT 221 Service closing TLS SSL transmission session 50 6 *************@ourservermail.com
10/21/20 00:01:34 SMTP-IN 7C38D4DFAE68480A90B3520276125BF0.MAI 1688 87.202.30.11 220 mail.jajoogroup.com ESMTP MailEnable Service, Version: 10.25-- ready at 10/21/20 00:01:34 95 0
10/21/20 00:01:35 SMTP-IN 7C38D4DFAE68480A90B3520276125BF0.MAI 1688 87.202.30.11 EHLO EHLO [87.202.30.11] 250-jajoogroup.com [87.202.30.11], this server offers 5 extensions 238 21
10/21/20 00:01:35 SMTP-IN 7C38D4DFAE68480A90B3520276125BF0.MAI 1688 87.202.30.11 STARTTLS 24 10
10/21/20 00:01:35 SMTP-IN 7C38D4DFAE68480A90B3520276125BF0.MAI 1688 87.202.30.11 STARTTLS STARTTLS 24 10
10/21/20 00:01:35 SMTP-IN 7C38D4DFAE68480A90B3520276125BF0.MAI 1688 87.202.30.11 EHLO EHLO [87.202.30.11] 250-jajoogroup.com [87.202.30.11], this server offers 4 extensions 129 21
10/21/20 00:01:36 SMTP-IN 7C38D4DFAE68480A90B3520276125BF0.MAI 1688 87.202.30.11 AUTH AUTH LOGIN 334 VXNlcm5hbWU6 18 12
10/21/20 00:01:36 SMTP-IN 7C38D4DFAE68480A90B3520276125BF0.MAI 1688 87.202.30.11 AUTH {blank} 334 UGFzc3dvcmQ6 18 46 *************@ourservermail.com
10/21/20 00:01:37 SMTP-IN 7C38D4DFAE68480A90B3520276125BF0.MAI 1688 87.202.30.11 AUTH IWpham9vZ3JvdXBAMTIzI2phaXB1cg== 535 Invalid Username or Password 34 34 *************@ourservermail.com
10/21/20 00:01:37 SMTP-IN 7C38D4DFAE68480A90B3520276125BF0.MAI 1688 87.202.30.11 QUIT QUIT 221 Service closing TLS SSL transmission session 50 6 *************@ourservermail.com
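The log in the post above shows a single failed AUTH from each source address, so a per-IP failure threshold would not trip on it. The following Python script is an added example (not part of the thread and not MailEnable code) that groups `535` AUTH failures by targeted account and flags accounts hit from several distinct untrusted addresses inside a time window. It assumes the space-flattened field layout and `mm/dd/yy` dates seen in the post; the sample lines, addresses, account names and the trusted office network are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed sample lines in the layout of the log above (documentation IPs).
SAMPLE_LOG = """\
10/21/20 00:00:09 SMTP-IN AAAA0001.MAI 1724 203.0.113.10 AUTH REDACTED 535 Invalid Username or Password 34 34 sales@example.com
10/21/20 00:00:52 SMTP-IN AAAA0002.MAI 1748 198.51.100.7 AUTH REDACTED 535 Invalid Username or Password 34 34 sales@example.com
10/21/20 00:01:37 SMTP-IN AAAA0003.MAI 1688 192.0.2.44 AUTH REDACTED 535 Invalid Username or Password 34 34 sales@example.com
10/21/20 00:02:10 SMTP-IN AAAA0004.MAI 1690 192.0.2.200 AUTH REDACTED 535 Invalid Username or Password 34 34 info@example.com
10/21/20 00:03:00 SMTP-IN AAAA0005.MAI 1700 198.51.100.99 AUTH REDACTED 535 Invalid Username or Password 34 34 sales@example.com
"""
TRUSTED = [ip_network("198.51.100.99/32")]  # assumed office static IP (constructed)

FAIL_RE = re.compile(  # SMTP-IN AUTH line answered with 535, account in last field
    r"^(?P<ts>\d\d/\d\d/\d\d \d\d:\d\d:\d\d) SMTP-IN \S+ \d+ "
    r"(?P<ip>\S+) AUTH .* 535 .* (?P<user>\S+@\S+)$")

def failed_auths(log_text, trusted):
    """Yield (timestamp, ip, account) for each failed AUTH from an untrusted IP."""
    for line in log_text.splitlines():
        m = FAIL_RE.match(line.strip())
        if not m:
            continue
        try:
            ip = ip_address(m["ip"])
        except ValueError:  # field was not an address; skip the line
            continue
        if any(ip in net for net in trusted):
            continue
        ts = datetime.strptime(m["ts"], "%m/%d/%y %H:%M:%S")
        yield ts, str(ip), m["user"].lower()

def distributed_targets(log_text, trusted, window=timedelta(minutes=10), min_ips=3):
    """Map account -> source IPs when >= min_ips distinct IPs failed within window."""
    by_user = defaultdict(list)
    for ts, ip, user in failed_auths(log_text, trusted):
        by_user[user].append((ts, ip))
    flagged = defaultdict(set)
    for user, events in by_user.items():
        events.sort()
        start = 0
        for end, (ts, _) in enumerate(events):
            while ts - events[start][0] > window:  # slide window start forward
                start += 1
            ips = {ip for _, ip in events[start:end + 1]}
            if len(ips) >= min_ips:
                flagged[user] |= ips
    return {u: sorted(ips) for u, ips in flagged.items()}
```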