Authentication limited by IP
Idea shared by Paul White - July 22, 2015 at 7:26 PM
Here is what I need.  I need the ability limit the IPs allowed for authentication on POP, IMAP and SMTP on a user by user basis.  Example Lets say I have the email dave@davesdomain.com  I should be able to limit only the IPs and maybe to be able to authenticate under his account. Or even set limits for the whole domain.  I need to be able to specify exact IPs, or even blocks or ranges.  ( similar to firewall settings ).  I know this is not a perfect solution to security, but limiting the IPs to connect to a given account greatly reduces the exposure to dictionary attacks.  Also some security settings that would automatically add IPs to the global block list when they attempt to authenticate as a user who should not be connecting from that IP.  I don't want to hear the whole force more complex passwords answer either.  Been there,  It doesn't matter when users tend to use the same complex passwords accross multiple sites.  

1 Reply

Reply to Thread
SpamHurts Replied
July 22, 2015 at 10:02 PM
I'm not sure you have thought this completely through. Even if this were possible, it is not practical.
Your users are going to want to check their email other than their home and work IP. What are they going to do when they are in starbucks and miss a big email, because you have the IP limited? They are going to be pissed. Or they hire a new employee, and he can not connect from his house?
I believe the way to handle this is with the tools SM already has. Setting the timeout periods for authentication failures, and blocking IP's for longer periods of time for the same thing. This page also has good protocol settings.
I don't think this is possible, as the IP isn't part of the authentication. I could be wrong on this. Might be able to be done in IIS but i can't imagine how, yet I am not really a server admin.
Did you encounter a specific incident that would make you want to do this.  Did you have an email account get hacked? Did you get blacklisted? Do you use a gateway server in/and or out? I would say you keep your cool, and listen to the others on this board for advice? Good luck!
Remember kids, every time a spam message gets blocked, a nerd gets their glasses. spamhurts/July 15

Reply to Thread