IP addresses don't get added correctly to denied list

Discussion regarding the Standard version.
johnaquilio
Posts: 4
Joined: Sat Feb 27, 2021 3:55 am

IP addresses don't get added correctly to denied list

Post by johnaquilio » Sat Feb 27, 2021 4:20 am

In the "Connection Dropping" section under the "Security" tab, I have set it to "Drop a connection when the failed number of commands or recipients reaches" 3. In the log, I see that there have been repeated login attempts with different username choices from some IP addresses. All of those login attempts thankfully fail with "535+Invalid+Username+or+Password" error. But, I would have expected such IP addresses to get added to the "Denied" list. But, when I look at the SMTP-DENY.TAB file, I don't see those IP addresses getting added to the list.

Interestingly, some IP addresses occasionally do get added to that list. In a day, I saw 3 IP addresses having been added. But, looking at the log about failed login attempts, many more IP addresses should have been added. What could be the reason?

Thanks!

MailEnable-Ian
Site Admin
Posts: 9397
Joined: Mon Mar 22, 2004 4:44 am
Location: Melbourne, Victoria, Australia

Re: IP addresses don't get added correctly to denied list

Post by MailEnable-Ian » Sun Feb 28, 2021 10:34 pm

Hi,

Have you verified that the same IP address failed to authenticate 3 times in the SMTP log files?
Regards,

Ian Margarone
MailEnable Support

johnaquilio
Posts: 4
Joined: Sat Feb 27, 2021 3:55 am

Re: IP addresses don't get added correctly to denied list

Post by johnaquilio » Mon Mar 01, 2021 2:11 am

Yes, I have.
Looking at the log for the last one hour alone, I see several spoofing attempts from some evil IP address (45.142.120.39) trying with different usernames such as opennms@ourDomain.com, shevchenko@ourDomain.com, wangjie@ourDomain.com, 1234@ourDomain.com, vika@ourDomain.com, wang@ourDomain.com, lxd@ourDomain.com, lucy@ourDomain.com, bind@ourDomain.com, cam@ourDomain.com, l1@ourDomain.com, ptest@ourDomain.com, etc.

Clearly, there have been many more failed attempts than the set limit of 3 from that IP address in the last one hour alone. But, that IP address has not been added to SMTP-DENY.TAB.

I would be happy to send you the one-hour log file if you want to take a look.
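Added example (not part of any post in this thread and not MailEnable code): one way to run the check asked about above, counting "535+Invalid+Username+or+Password" lines per IP address and listing the addresses at or over the limit of 3 that are absent from the deny list. The log layout, the deny-file layout and every sample line are assumptions constructed for illustration; only the error text, the limit and the address 45.142.120.39 come from the thread.

```python
import re
from collections import Counter

FAIL_MARKER = "535+Invalid+Username+or+Password"  # error text quoted in the thread
THRESHOLD = 3                                     # limit configured in the thread
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Constructed sample lines in a simplified layout (assumption: the remote
# address is the first IPv4 token on each line of the real activity log).
SAMPLE_LOG = """\
2021-03-01 01:00:02 45.142.120.39 AUTH opennms@ourDomain.com 535+Invalid+Username+or+Password
2021-03-01 01:04:10 203.0.113.7 AUTH info@ourDomain.com 535+Invalid+Username+or+Password
2021-03-01 01:07:31 45.142.120.39 AUTH shevchenko@ourDomain.com 535+Invalid+Username+or+Password
2021-03-01 01:09:55 198.51.100.20 AUTH sales@ourDomain.com 535+Invalid+Username+or+Password
2021-03-01 01:12:44 203.0.113.7 AUTH admin@ourDomain.com 535+Invalid+Username+or+Password
2021-03-01 01:15:03 45.142.120.39 AUTH wangjie@ourDomain.com 535+Invalid+Username+or+Password
2021-03-01 01:18:20 198.51.100.20 AUTH sales@ourDomain.com 535+Invalid+Username+or+Password
2021-03-01 01:18:41 198.51.100.20 AUTH sales@ourDomain.com 235+Authentication+successful
2021-03-01 01:21:09 203.0.113.7 AUTH test@ourDomain.com 535+Invalid+Username+or+Password
2021-03-01 01:26:37 45.142.120.39 AUTH vika@ourDomain.com 535+Invalid+Username+or+Password
"""

# Constructed deny-list content (assumption: entries contain the IP as text).
SAMPLE_DENY = "203.0.113.7\n"

def failed_auths_by_ip(log_text):
    """Count failed-login lines per remote IP address."""
    counts = Counter()
    for line in log_text.splitlines():
        if FAIL_MARKER not in line:
            continue  # successful logins and other commands are ignored
        match = IPV4.search(line)
        if match:
            counts[match.group()] += 1
    return counts

def missing_from_deny(log_text, deny_text, threshold=THRESHOLD):
    """Return {ip: failures} for IPs at or over the threshold but not denied."""
    denied = set(IPV4.findall(deny_text))
    return {ip: n for ip, n in failed_auths_by_ip(log_text).items()
            if n >= threshold and ip not in denied}

if __name__ == "__main__":
    for ip, n in sorted(missing_from_deny(SAMPLE_LOG, SAMPLE_DENY).items()):
        print(f"{ip}\t{n} failed logins, not in deny list")
```

To use it on real data, pass the text of the SMTP activity log and of SMTP-DENY.TAB to `missing_from_deny` after confirming that the field assumptions match your files.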

MailEnable-Ian
Site Admin
Posts: 9397
Joined: Mon Mar 22, 2004 4:44 am
Location: Melbourne, Victoria, Australia

Re: IP addresses don't get added correctly to denied list

Post by MailEnable-Ian » Mon Mar 01, 2021 4:43 am

Hi,

OK, send the log files to response@mailenable.com
Regards,

Ian Margarone
MailEnable Support

johnaquilio
Posts: 4
Joined: Sat Feb 27, 2021 3:55 am

Re: IP addresses don't get added correctly to denied list

Post by johnaquilio » Mon Mar 01, 2021 4:47 pm

I emailed the log file to that email address.
Thanks!

MailEnable-Ian
Site Admin
Posts: 9397
Joined: Mon Mar 22, 2004 4:44 am
Location: Melbourne, Victoria, Australia

Re: IP addresses don't get added correctly to denied list

Post by MailEnable-Ian » Mon Mar 01, 2021 11:20 pm

Hi,

OK, thanks, but we need the SMTP activity and debug log files.
Regards,

Ian Margarone
MailEnable Support

johnaquilio
Posts: 4
Joined: Sat Feb 27, 2021 3:55 am

Re: IP addresses don't get added correctly to denied list

Post by johnaquilio » Tue Mar 02, 2021 12:59 am

Emailed those log files as well.
Thanks.
