Blocking all login requests

Junior Member
Posts: 71
Joined: Fri May 07, 2004 12:16 am

Blocking all login requests

Postby time2 » Tue Oct 01, 2013 4:26 pm

I run my mail server behind ewall on an alternate port, ewall is set to handle all traffic on port 25. I also run my client SMTP log in on an alternate port 24 instead of 25 so that they bypass ewall when connecting to send legit email. All of my clients email programs are set to use port 24 instead of port 25.

Would it be possible to have ewall drop all SMTP attempts to authenticate on port 25?

Just for clarification if a inbound SMTP connection try's to authenticate through ewall I want to drop and ban the IP for say 5 min.

Doing this would stop all attempts to hack/guess/brute-force attacks on my server at the very first step. I would love to just have my mail server do this but EWSLP doesn't work on my server so my mail server cant be set to auto ban bad attempts handed of by ewall.

Any help would be great.

Jeff

Developer
User avatar
Posts: 4431
Joined: Tue Apr 20, 2004 3:43 pm

Re: Blocking all login requests

Postby Alexander Telegin » Wed Oct 02, 2013 4:22 pm

Jeff,

Please try following OnCommand filter:

Code: Select all
if command contains AUTH
then add sender IP to black list for 5 min
and set reply '550 Authentication is not allowed'
and disconnect

Junior Member
Posts: 71
Joined: Fri May 07, 2004 12:16 am

Re: Blocking all login requests

Postby time2 » Fri Oct 04, 2013 8:54 pm

Alex

Worked perfectly, Thank you so much.
Thank you also for still answering questions and helping people with the old 3.0 version.

Jeff

Junior Member
User avatar
Posts: 11
Joined: Wed Feb 15, 2012 4:06 pm

Re: Blocking all login requests

Postby anthonyc » Thu Feb 01, 2018 3:47 pm

if command contains AUTH
then add sender IP to black list for 5 min
and set reply '550 Authentication is not allowed'
and disconnect

-----------------------------
I use eWall 4.0. I run the same configuration ... eWall in front of my mail server with mail server running on a different port, and customers know to use the different port for smtp.
anyone using port 25 should be blocked.

Please show me the exact script to copy and paste into my filter.
The "oncommand" visual filter does not allow me to do this.

thank you.
Anthony

Return to General

Who is online

Users browsing this forum: No registered users and 1 guest