6
IPBAN: block attackers
Idea shared by Omar Escalante - 8/31/2021 at 8:30 AM
Proposed
We tested IPBAN PRO https://ipban.com
This product is great and behaves excelent with SMARTERMAIL.
With it you can block many attackers.

I've lost a lot of time looking to improve security, due many attacks. Wtith it (and other strateggies), now, the attacks are ZERO.

Can you check if there are possibilities to include IPBAN as ZIREN or SNIFFER?

7 Replies

Reply to Thread
1
Kyle Kerst Replied
Employee Post
Thanks for your suggestion on this Omar. I've requested a trial of this service so I can test it in-house and document how this works currently. Once I have that I'd be happy to escalate this as a feature request for you. 
Kyle Kerst IT Coordinator SmarterTools Inc. www.smartertools.com
0
We are using only Webmail, EAS and EWS
Here you have our SMTP report on August:


Greylisted from April (Weekly)
IDS
0
Kyle Kerst Replied
Employee Post
Thanks Omar. I am curious how the IPBAN system integrates with SmarterMail though, can you provide details on that? Is it updating your blacklists automatically?
Kyle Kerst IT Coordinator SmarterTools Inc. www.smartertools.com
0
The software reads the logs and use the errors.

This is our SMTP-in from January 1st
https://drive.google.com/file/d/1ZZa5Jwyok3DDYyYkeAWYKKZh4EOu9wjr/view?usp=sharing

IPBAN interfase page 1
https://drive.google.com/file/d/1x1w06emXCVjIsZisr9nP0o6cGGRSeGi1/view?usp=sharing

IPBAN interfase page  2
https://drive.google.com/file/d/1EaqNjksmLJ7U26IHR3BJrhZe5epr69k6/view?usp=sharing

IPBAN interfase page  3
https://drive.google.com/file/d/1lAMPU8OnpvN6LLWJLt1jpdzI6_HPBZN7/view?usp=sharing

There are more info. I think this will be useful.
I also made a simple VBA soft (using EXCEL VBA) to read the SMTP logs.

This is the last logs set (15 days) (week by week this is smaller because we almost don't have attackers)
https://drive.google.com/file/d/1rm1dKNZSYnnW5jLpKX0rizLd81LkYhBu/view?usp=sharing

Here you have the BLACKLIST build using the my logs interpretation:
https://drive.google.com/file/d/1VnsA4JG_FliTW0VCHJIEQS1mDYcF4gAk/view?usp=sharing

I think IPBAN use something similar, but in real time. 
2
So... it does exactly what SmarterMail already does? Reads the SM log files for invalid login attempts? Though, SM doesnt need to read the logs since it's running its services, it can handle them as the invalid attempts come in.
0
Yes, but with this you can auto load them as BLACKLIST to all server
The attackers can't find you again. They remain out of your server.

if you look this graph, this is clean without blocked connections. We don't have almost attackers. The server is only working for our company.
We are using only Webmail, EAS and EWS
Here you have our SMTP report on August:

1
I personally dont see the point of integration of another product into SM that does something SM already does, maybe I am missing something.

Reply to Thread