auth flood

For any other discussion relating to MailEnable.
Post Reply
arvin8
Posts: 8
Joined: Wed Apr 20, 2005 4:38 pm

auth flood

Post by arvin8 » Fri May 03, 2013 9:27 am

I am flooded with spammers trying to get authentication. They can't of course but even them trying to do locks the server down.

I have all these in the logs:
503 This mail server requires authentication when attempting to send to a non-local e-mail address.

they change the ip so I can't block by IP, what can I do to prevent this?

Thanks in Advance...

MailEnable
Site Admin
Posts: 4441
Joined: Tue Jun 25, 2002 3:03 am
Location: Melbourne, Victoria Australia

Re: auth flood

Post by MailEnable » Mon May 06, 2013 10:56 pm

These sort of attacks often happen when your server has been open relay in the past.
This is because spammers query the RBL providers as a mechanism of establishing who may be able to send their junk.
That is probably why the IP addresses are all different.

As such, I suggest you make sure that your server is not on any Black listlists.
However, in terms of blocking the IP addresses, there is little that you can do, because they are coming from a wide range.

You could possibly temporarily reduce the threshold for connection dropping under the SMTP Security tab to something like 5 so that repeated attempts are blocked earlier.
Regards, Andrew

Post Reply