Blocking all login requests

Junior Member
Posts: 71
Joined: Fri May 07, 2004 12:16 am

Blocking all login requests

Postby time2 » Tue Oct 01, 2013 4:26 pm

I run my mail server behind ewall on an alternate port, ewall is set to handle all traffic on port 25. I also run my client SMTP log in on an alternate port 24 instead of 25 so that they bypass ewall when connecting to send legit email. All of my clients email programs are set to use port 24 instead of port 25.

Would it be possible to have ewall drop all SMTP attempts to authenticate on port 25?

Just for clarification if a inbound SMTP connection try's to authenticate through ewall I want to drop and ban the IP for say 5 min.

Doing this would stop all attempts to hack/guess/brute-force attacks on my server at the very first step. I would love to just have my mail server do this but EWSLP doesn't work on my server so my mail server cant be set to auto ban bad attempts handed of by ewall.

Any help would be great.

Jeff

Developer
User avatar
Posts: 4431
Joined: Tue Apr 20, 2004 3:43 pm

Re: Blocking all login requests

Postby Alexander Telegin » Wed Oct 02, 2013 4:22 pm

Jeff,

Please try following OnCommand filter:

Code: Select all
if command contains AUTH
then add sender IP to black list for 5 min
and set reply '550 Authentication is not allowed'
and disconnect

Junior Member
Posts: 71
Joined: Fri May 07, 2004 12:16 am

Re: Blocking all login requests

Postby time2 » Fri Oct 04, 2013 8:54 pm

Alex

Worked perfectly, Thank you so much.
Thank you also for still answering questions and helping people with the old 3.0 version.

Jeff

Return to General

Who is online

Users browsing this forum: No registered users and 0 guests