Brute Force Username Guessing Protection

Discussions on webmail and the Professional version.
Post Reply
mwarble
Posts: 8
Joined: Wed May 31, 2017 1:25 pm

Brute Force Username Guessing Protection

Post by mwarble » Sun Jun 14, 2020 2:41 pm

What is the proper way to protect against brute force login attempts for guessed usernames?

My SMTP activity log has non-stop activity for brute force username login attempts and I've yet to find a setting that prevents it.

I've searched the forums for solutions, but none have fixed the problem.

Thank you.

MailEnable-Ian
Site Admin
Posts: 9166
Joined: Mon Mar 22, 2004 4:44 am
Location: Melbourne, Victoria, Australia

Re: Brute Force Username Guessing Protection

Post by MailEnable-Ian » Sun Jun 14, 2020 11:35 pm

Hi,

There is no way to stop the attacks hitting the server. You can enable the "Abuse detection and prevention" option so that the inbound connections are banned after a total of 10 invalid authentication attempts (http://www.mailenable.com/documentation/10.0/Professional/Localhost_-_Policies.html). The IP will be banned for one hour. However to stop this before they hit the MailEnable server you would need to look into implementing a spam gateway server that has the ability to filter these types of attacks before they hit the mail server.

Here is an article to help further: http://www.mailenable.com/kb/content/article.asp?ID=ME020339
Regards,

Ian Margarone
MailEnable Support

reinhard_g
Posts: 17
Joined: Mon Oct 24, 2011 12:06 pm

Re: Brute Force Username Guessing Protection

Post by reinhard_g » Mon Jun 15, 2020 12:47 pm

I added a new rule "Blacklist" to my firewall (input rules). Within the SMTP-activity-log or the ActivityMonitor (SMTP) you can find the ip-address(es).

Insert this ip-adress(es) into the firewall rule Blacklist. May be later, the spammer will use another ip-adress.
Reinhard Gojowsky
--------------------------
EAASDC IT Service Germany
ME Professional 10.30, Windows Server 2012 R2

mwarble
Posts: 8
Joined: Wed May 31, 2017 1:25 pm

Re: Brute Force Username Guessing Protection

Post by mwarble » Mon Jun 15, 2020 1:40 pm

Thanks for the responses.

Post Reply