The smtp-deny file...

[Tim Ecott]

Hello:
We have two servers (MailEnable Standard) online and they seem to be working fine. However, as soon as they went online they are being bombarded with attempts to crack account pa55w0rds etc. This happens 24/7 from a huge number of IP addresses, all presumably bots of one sort or another. This makes the SMTP daily activity log quite large. We have used the 'auto-disconnect' feature in ME SMTP Properties/Security (We tick the box, leaving the failed attempt count at 15). This seems to result in an ever increasing file size for smtp-deny.tab (Currently >2000 entries!). Is this right? Or are we missing something? We have searched the forum for answers but all posts on this topic seem to be quite old. Any information would be welcome.
For info:
ME 10.45 on Windows Server 2008R2 fully patched. IIS7 for WE Webmail and ME Webadmin.
Thank you.

[Admin]

Hi,

If they are password attempts, make sure you have enabled the abuse detection and prevention option under the localhost settings. This will block connections from those IPs continually attempting. You probably are fine just dropping the connection, and not adding the IPs to the denied list.

[Tim Ecott]

Thank you for your reply. Yes, they are pretty much all pa55w0rd cracking attempts. Please clarify where the 'Abuse detection and prevention' setting is under localhost - I don't see it!
To clarify, we are using ME 10.45 Standard, and we have the DNS Blacklisting enabled under SMTP Properties/Security.
Tim Ecott.

[Tim Ecott]

The 'Abuse Detection' function you mention is not available to Mail Enable Standard? Please clarify. In the absence of this facility, is there anything that can be done using ME Standard??
Best Regards.

[Admin]

Sorry, yes, the abuse detection is not in Standard. So the connection dropping would be your only option for this.