1
IP to Country Resolution - Two databases?
Problem reported by Brian A. - 5/8/2025 at 7:30 AM
Submitted
Are there two different database for the resolving of which country an IP Address is from?

I have "Block Authentication by Country" set to Block ALL but US. However, I still have NON-USA countries show up in my IDS Block List for Brute force by Password.

The system is working somewhat because I have lots of blocked logins due to not being on "allowed country list." But some IPs are getting on IDS Block List for incorrect password that show the country as being a NON-USA country.

1 Reply

Reply to Thread
0
Brian A. Replied
It turns out that the non-USA countries are attempting login because they are not using a domain but simply a username like "contact" or "postmaster" with no domain.

EXAMPLE:
[2025.05.08] 22:21:05.079 [5.31.0.134] SMTP Attempting to login user: contact
[2025.05.08] 22:21:05.079 [5.31.0.134] SMTP Login failed: Domain [] not found
[2025.05.08] 22:21:05.079 [5.31.0.134] SMTP Login failed: That domain was not found. Double check your email address.

Is there a way to block login attempts (except for admin user names, obviously) without domain or set the "Block List for the entire server as opposed to domain?

Reply to Thread

Enter the verification text