Back to Community Threads
3
Current IDS blocks - webmail?
Question asked by Jay Altemoos - 10/10/2016 at 1:19 PM
Answered
So looking at the Current IDS blocks section in SmarterMail 14.5.5907, I see there's a section for webmail listed. How do you specify a rule for this? I went into the Security section and went to Abuse Detection but the only options I get for Brute Force Password is SMTP, POP, XMPP, and LDAP. Even checking the other report options for DOS, etc. never mention webmail at all. Is this already hard coded in so that if someone was attempting brute force on the webmail login SM takes care of it? Or is there something I am missing? I am using IIS for SM and not the built in web engine. Not sure if that has anything to do with it, but I doubt it.

7 Replies

Reply to Thread
1
Employee Replied
10/10/2016 at 2:05 PM
Employee Post Marked As Answer
Hi Jay.  Webmail brute force attempts are hard-coded in the Web.CONFIG file at C:\Program Files (x86)\SmarterTools\SmarterMail\MRS\
Search for "Login.BruteForceDetection.TriesBeforeBlock"
0
Jay Altemoos Replied
10/11/2016 at 6:04 AM
Thanks for the speedy reply Rod. I appreciate it. I will check it out.
3
Bruce Barnes Replied
10/11/2016 at 7:55 AM
Be nice to have this rule moved into the section with the other rules. Easier to monitor, modify, and much less likely to cause confusion when modifications get overwritten during upgrades of al types.
Bruce Barnes ChicagoNetTech Inc brucecnt@comcast.net Phonr: (773) 491-9019 Phone: (224) 444-0169 E-Mail and DNS Security Specialist Network Security Specialist Customer Service Portal: https://portal.chicagonettech.com Website: https://www.ChicagoNetTech.com Security Blog: http://networkbastion.blogspot.com/ Web and E-Mail Hosting, E-Mail Security and Consulting
0
I checked this ,but changing those numbers seems to have no effect. Still users get blocked after 5 failed logins.
0
Jay Altemoos Replied
1/22/2018 at 7:23 AM
Hi Mohammadreza. If you changed a value in the XML file that Rod posted about, you will need to restart the SmarterMail service for this change to take affect. All values in XML files are stored in memory and only read when the service is restarted. If you didn't restart the SmarterMail service then that's why the value change never took affect.

In Windows you can find the service under: Services.MSC -> SmarterMail Service

I hope this helps.
0
Thanks Jay, I changed the values in the Web.config file and restarted the service. I also restarted the whole server but still users get blocked after 5 attempts !
Is there any other file I should change ?
0
Jay Altemoos Replied
1/22/2018 at 8:45 AM
What version of SmarterMail are you running? We are currently running version 15.7.6474 on our server. I currently have Login.BruteForceDetection.TriesBeforeBlock set to "10" in the config file. I just tested mine and it does block on 10 attempts and not the default 5. There should only be 1 entry for you to change. The other one I believe has to do with forgot password, which is ForgotPassword.BruteForceDetection.TriesBeforeBlock. Both of mine I have set to 10. Can you verify that the change saved?
Back to Community Threads

Reply to Thread

Related Knowledge Base Articles

Unblock / Allow Browser Notifications in SmarterMailSmarterMail > Domain/User Configuration and Management
Set up Autodiscover for SmarterMailSmarterMail > Installation and Configuration
Moving SmarterMail to a New Hosting CompanySmarterMail > Domain/User Configuration and Management
Upgrading SmarterMail (Domain Conversion)SmarterMail > Installation and Configuration
Adding Delegates in Outlook for WindowsSmarterMail > Desktop and Mobile Synchronization