Need to whitelist ip for webmail
Problem reported by Brad Underwood - 1/15/2018 at 10:55 AM
I understand why web login have Brute Force Detection, but I need to be able to whitelist a large site ip address with 50+ users. If one of the users causes a lockout the entire site gets blocked form accessing there webmail. Is there a way to do this?

6 Replies

Reply to Thread
Employee Replied
Employee Post Marked As Resolution
Hi Brad.  Our latest SmarterMail 16 has a new setting for webmail brute force.  You'll want to update to our latest release from 1/11/18, and then you can follow these steps.
  1. Log into SmarterMail as the Sys Admin and go to Settings >> General.  Make any kind of change here so that the Save button becomes enabled.  Clicking Save will create new configuration settings.
  2. Stop the SmarterMail service.
  3. Edit the following file:  C:\Program Files (x86)\SmarterTools\SmarterMail\Service\mailConfig.xml
  4. Search for:  <BruteForceSettings>
  5. Here, you can disable webmail brute force detection, or increase the failed attempts before a block is activated
  6. Save and close file.
  7. Restart the SmarterMail service.
WebControl GmbH Replied
Will that be possible in one of the minor updates from SM16 to setup within the webinterface?
The way you described is a no go for a production environment to make a "small" change within business hours!
Ron Raley Replied
Rod, I recommend that your development team review this thread.
What we are seeing is that one person can shut down an entire office building.  We do want the security feature, but when I research how to increase the number of webmail login attempts, I must make these changes in code.
Is there anything preventing these settings to be incorporated into the web interface as requested?
Thanks for listening,
Falk Brockerhoff Replied
It seems like SmarterTools isn't willing to implement a possibility in SM 16
-  to change brute force settings without restarting the service 
- to make a whitelist for the brute force prevention. 
I'm wondering why this thread is marked as solved...
Anyway, we have the same problem as Brad Underwood. One bigger customers of us (~ 75 Users) faces the fact that his entire business is disrupted, just because one user is entering a wrong password too many times. Like many bigger companys this customer have a dedicated IP address. So it would be no problem to whitelist his IP.
For me as a users it's pretty hard to understand, why the existing whitelist for DoS and Email Harvesting cannot be enhanced for the Brute Force protection. I think a enterprise software which is "The ultimate Microsoft Exchange alternative" should considering a scenario where many people are working behind only one IP address. 
Richard Frank Replied
When a lot of address / accounts are actively used from the same IP address and someone locks his account only that account should be locked. Not the IP address.
With a kind of reputation system for IP numbers Smartermail would be able to learn if this is realy a attempt to hack from outside or just a user who forgot it's pass.
In the first case, the IP should be blocked according the brute force settings. The IP has 0 reputation, never succesfully logged on.
In the second case, the IP has a good reputation, multiple successful log ons per day, only the user should be locked out.. Warning your account has been disabled, get your cardboard box with the manager ;)
Kyle Kerst Replied
Just for clarification, is the setting needing to be changed the <LoginIsEnabled> parameter under <BruteforceSettings>? This has become a huge issue for one of my clients recently as someone has taken a keen interest in their inboxes. 
Kyle Kerst Cameron Solutions LLC www.cameron-solutions.com

Reply to Thread