block country
Problem reported by Sabatino - Today at 1:39 AM
I implemented block auth country for all Asian countries because, according to statistics, they're just fake login attempts.

I expected to find a reference in the SMTP log that the session was blocked because of a block country, not the classic "Authentication failed - login failed."

This is to keep the statistics clean.

I don't even understand how SM works.

Let's give an example.

A
Country code: IN arrives on SMTP.
Then an Auth Login with
Authenticating as user@domain.tld

where in domain.tld the country code: IN is blocked.

I would expect the SMTP log to indicate that the block occurred due to the country code block (I don't expect a detailed response to the client; in fact, it's better if they don't know, but it does appear in the log).

Another thing I'm wondering:
But do they still compare the password?
And if it's correct? What does it write in the log?
I'd expect to understand this too.
That is, the username and password are correct, but you can't authenticate because you're blocked by a country code block.
Sabatino Traini
      Chief Information Officer
Genial s.r.l. 
Martinsicuro - Italy

Sabatino Replied
The idea is:
If I receive a correct authentication from a blocked country, this leads me to investigate.
If I then receive a correct authentication from a user from multiple blocked countries, it's definitely a compromise.

This is important information for analysis purposes.

I know SM reports don't have this level of detail, but I'm developing a custom analysis program, and not having this information is frustrating.
Sabatino Traini Chief Information Officer Genial s.r.l. Martinsicuro - Italy
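The triage rule described in the reply above, as an added example that is not part of the original posts and not SmarterMail code. It assumes a hypothetical, already-normalized event feed in which a credentials-valid flag is available for blocked-country attempts (the thread says the SMTP log does not currently show this); the record layout, the `BLOCKED` table and all sample values are constructed.

```python
from collections import defaultdict

# Constructed sample records in a hypothetical normalized layout
# (NOT SmarterMail's log format): time, ip, country, user, credentials_valid
SAMPLE = """\
2024-05-01T01:10:00 203.0.113.10 IN user@domain.tld no
2024-05-01T01:12:00 203.0.113.10 IN user@domain.tld yes
2024-05-01T02:00:00 198.51.100.7 CN user@domain.tld yes
2024-05-01T02:05:00 198.51.100.9 VN other@domain.tld no
2024-05-01T03:00:00 192.0.2.44 IT other@domain.tld yes
2024-05-01T03:30:00 203.0.113.77 in third@domain.tld yes
this line is malformed
"""

# Assumed per-domain country block list, mirroring the thread's example.
BLOCKED = {"domain.tld": {"IN", "CN", "VN"}}


def parse(text):
    """Yield one dict per well-formed record; silently skip malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[4] not in ("yes", "no"):
            continue
        ts, ip, country, user, valid = parts
        yield {"ts": ts, "ip": ip, "country": country.upper(),
               "user": user.lower(), "valid": valid == "yes"}


def triage(events, blocked=BLOCKED):
    """Map each user to (verdict, blocked countries that sent valid credentials).

    One blocked country with a correct password -> "investigate";
    more than one distinct blocked country      -> "compromise".
    Wrong passwords and non-blocked countries are ignored.
    """
    hits = defaultdict(set)
    for e in events:
        domain = e["user"].rpartition("@")[2]
        if e["valid"] and e["country"] in blocked.get(domain, ()):
            hits[e["user"]].add(e["country"])
    return {user: ("compromise" if len(cc) > 1 else "investigate", sorted(cc))
            for user, cc in hits.items()}


if __name__ == "__main__":
    for user, (verdict, countries) in sorted(triage(parse(SAMPLE)).items()):
        print(f"{user}: {verdict} {countries}")
```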
