Brute Force Username Guessing Protection

Discussions on webmail and the Professional version.
Post Reply
mwarble
Posts: 8
Joined: Wed May 31, 2017 1:25 pm

Brute Force Username Guessing Protection

Post by mwarble »

What is the proper way to protect against brute force login attempts for guessed usernames?

My SMTP activity log has non-stop activity for brute force username login attempts and I've yet to find a setting that prevents it.

I've searched the forums for solutions, but none have fixed the problem.

Thank you.

MailEnable-Ian
Site Admin
Posts: 9738
Joined: Mon Mar 22, 2004 4:44 am
Location: Melbourne, Victoria, Australia

Re: Brute Force Username Guessing Protection

Post by MailEnable-Ian »

Hi,

There is no way to stop the attacks hitting the server. You can enable the "Abuse detection and prevention" option so that the inbound connections are banned after a total of 10 invalid authentication attempts (http://www.mailenable.com/documentation/10.0/Professional/Localhost_-_Policies.html). The IP will be banned for one hour. However to stop this before they hit the MailEnable server you would need to look into implementing a spam gateway server that has the ability to filter these types of attacks before they hit the mail server.

Here is an article to help further: http://www.mailenable.com/kb/content/article.asp?ID=ME020339
Regards,

Ian Margarone
MailEnable Support

reinhard_g
Posts: 24
Joined: Mon Oct 24, 2011 12:06 pm

Re: Brute Force Username Guessing Protection

Post by reinhard_g »

I added a new rule "Blacklist" to my firewall (input rules). Within the SMTP-activity-log or the ActivityMonitor (SMTP) you can find the ip-address(es).

Insert this ip-adress(es) into the firewall rule Blacklist. May be later, the spammer will use another ip-adress.
Reinhard Gojowsky
--------------------------
EAASDC IT Service Germany
ME Professional 10.40, Windows Server 2019

mwarble
Posts: 8
Joined: Wed May 31, 2017 1:25 pm

Re: Brute Force Username Guessing Protection

Post by mwarble »

Thanks for the responses.

LarrySeawell
Posts: 2
Joined: Sat Oct 31, 2020 9:40 pm
Location: Virginia, USA

Re: Brute Force Username Guessing Protection

Post by LarrySeawell »

There's also this slick little program called RdpGuard.
LSeawell

SorenDK
Posts: 2
Joined: Mon Nov 23, 2020 6:34 pm

Re: Brute Force Username Guessing Protection

Post by SorenDK »

I have created a service watching the logs.
If an IP has too many illegal entrys the IP goes in the ME SMTP Blacklist.
Later Blacklisted IP's are copied to the windows firewall.

I have no release plan for IP's

I see the same IP being active again one or two years later.

Best Regards
Soren

Post Reply