Back to Community Threads
1
Anonymous User - Chines Location
Question asked by iba-labs-it - 12/23/2016 at 1:27 PM
Unanswered
Hello,
 
we are using SmarterMail 12.3 and I am a new user of SmarterMail.
 
Today I just noticed User Activity that shows two anonymous users location China Duration 18 mints, what does that mean?
 
I have also noticed that one of our user using IMAP appeared in different location in user activity Romania & Canada how could it possible ?
 
 
I will appreciate any guidance!
 
Thanks & regards 
 
 
 

4 Replies

Reply to Thread
0
Employee Replied
12/27/2016 at 9:17 AM
Employee Post
Hi. The anonymous user simply means that someone has navigated to the SmarterMail web interface, but they're not signed in.
0
Jay Altemoos Replied
12/27/2016 at 12:23 PM
As Rod had stated, it just means someone or something is on the webmail login page but not signed in.

As far as the IMAP connection appearing in a different location, that's very concerning. To me that would indicate that someone knows that user's email PW and is using it somewhere else. I would notify that user right away and change their password to something completely different. That way you protect your mail server and the user from being blacklisted as a spammer.
0
iba-labs-it Replied
1/4/2017 at 5:06 AM
Thank you guys, for your expert valuable reply,

since anonymous user location shows Chines and we don't have any user in China, is there anyway to block this for security?

Thanks
Reyan
0
Jay Altemoos Replied
1/4/2017 at 4:30 PM
Well that's a tough question to answer. There's 2 sides to that coin, you could attempt to block the IP via Windows firewall rule, but whoever or whatever it is sitting on the page would just pick another IP an have at it again. You would be setting up rules all day long on the server.
 
Now with that said, SM does have built in security for Brute Force attempts on the webmail page. So whoever or whatever is sitting on that page is most likely attempting usernames and passwords to log into whatever account. I believe by default it's 5 or 10 attempts before the IP is blacklisted for a period of time. They will show up under Manage -> Current IDS blocks -> webmail. One of the suggestions I have is if you don't have one already, I would get a digital certificate and require https on the webmail page. That way if something is there attempting to sniff usernames and passwords, it's encrypted with the digital certificate.
 
As far as stopping the Anonymous, there's really no way to stop that.
Back to Community Threads

Reply to Thread

Related Knowledge Base Articles

Restore a User's Account, Folders, or EmailsSmarterMail > Server Configuration and Management
Set up Autodiscover for SmarterMailSmarterMail > Installation and Configuration
Set up SmarterMail as an IIS Site in IIS 10SmarterMail > Server Configuration and Management
How to Correct Invalid User Disk Space Information on ReportsSmarterMail > Troubleshooting
Set up SmarterMail as an IIS Site in IIS 8SmarterMail > Server Configuration and Management