brute force and DOS attacks on SmarterMail server Build 8531
Question asked by Eric Bourland - 5/15/2023 at 10:22 AM
Unanswered
SmarterMail Build 8531

Hello, friends,

May I ask for your advice, please?
Beginning about a month ago, in April or so, my SmarterMail server has been attacked by Brute Force and Denial of Service attacks, coming from IPs in Iran, the Netherlands, Romania, and so on. My users are beginning to get worried, and I am not sure what to do.

Users sometimes are locked out of their own SmarterMail web mail, because the external attackers have brute-forced their usernames. Ugh! This has never happened in my many years of using SmarterMail.

I attach my current IDS Block settings; do they look OK to you?

Is there anything else you suggest to stop these attacks?

Thank you as always for your help.

Eric

5 Replies

1
This is mine. It works quite well.

1
Seph Parshall Replied
I have a pfSense firewall in front of my mail server that has country blocking turned on. I added a White List in case there are companies that any of my customers do business with. So, as an example, I block China but have made exceptions for a few servers there that email my customer.
1
Eric Bourland Replied
Brian, thank you for this helpful answer. I am considering my options. I really appreciate your time.

Eric
0
Eric Bourland Replied
Seph, thank you! I will check out the pfSense software. I really appreciate your time. Eric
1
Hi Seph

It's not good practice to run pfBlockerNG in front of a mail server. I get the idea as to why, but it's high maintenance.
Consider using Snort/Suricata on the FW itself, both on WAN and DMZ.
By doing so, you can block the ones that knock on the door (port scanning) and let the good guys through.