2
SmarterMail 12 User Activity - Anonymous Users?? How?
Question asked by Tim DeMeza - 10/7/2014 at 6:02 PM
Answered
I am using SM12 and looked at my server activity and just noticed 4 anonymous users.  Can I tell if they are logged in?  Any way to completely block these users?  This doesn't look good, and doesn't make sense.  Thanks in advance for any assistance or enlightenment. 
 

1 Reply

Reply to Thread
1
Bruce Barnes Replied
Marked As Answer
An "anonymous" user is anyone who has logged in and then logged out, or attempted to login and failed in that attempt.
 
Anonymous users are not logged in and have no access to the mail server.
 
While you cannot eliminate anonymous users altogether, there are several things you can do to help to protect your server from being hacked via "brute force password' and "SMTP harvesting" by setting triggers to limit the number of times an IP address attempts to login.
 
Here's how we have our protections setup:
 
 
The TIME FRAME is in seconds.
 
The COUNT is the total number of attempts within the time frame
 
The BLOCK TIME is the amount of time, in minutes, for which the block will be implemented.  By blocking for 60,000 minutes, we are, effectively, creating a permanent block against the IP address from which the attack originated.
 
NOTE THAT ALL BLOCKS ARE RESET (REMOVED) BY SERVER REBOOTS or SMARTERMAIL SERVER BOUNCES!
 
While these issues will not specifically address the attempts by those who might seek to initiate an attack via the web login, they will mitigate theft of passwords via other means and help secure your SmarterMail server.
 
You can also make certain you are running SmarterMail under IIS, and not the built-in SmarterMail webserver, and implement SSL/TLS.   User's who configure their clients to use SSL or TLS; along with those user who access the web interface via the secure HTTPS interface, will be sending encrypted data, vs plain text data where no encryption is present.
Bruce Barnes ChicagoNetTech Inc brucecnt@comcast.net Phonr: (773) 491-9019 Phone: (224) 444-0169 E-Mail and DNS Security Specialist Network Security Specialist Customer Service Portal: https://portal.chicagonettech.com Website: https://www.ChicagoNetTech.com Security Blog: http://networkbastion.blogspot.com/ Web and E-Mail Hosting, E-Mail Security and Consulting

Reply to Thread