Can we / is there a - Login - Primary IP not a whitelist
Problem reported by Curtis Kropar www.HawaiianHope.org - Today at 3:14 PM
Submitted
In our collective constant quest to stop the parasites from attacking our email servers, is there a way to do this? If not, this is then my suggestion.

For account logins and authentication (possibly other things too), it would be nice to have a "primary IP address" where, when a client is logging in, it has a higher trust level than any other IP. This could / would work in conjunction with IDS blocking.
NOT mistaking that for a whitelist, this is not an unlimited master key.

Most of our clients have locations with static IP addresses, and most of them only ever access their email from those static IPs. The rare exception is if they set up email on their cell phones, but then the cell phones store the password - unless they are using webmail on their phone (or tablet). BUT out of a couple of hundred email accounts on our server, I think only 8 users access their email from their phones.

I would like to plug in the primary IP addresses that our clients access their email from for each domain (some domains have 3 primary IPs from 3 physical locations), and any login attempt from any other location is instantly more questionable.

For instance: with IDS I could say,
A) For any (known) primary IP addresses, login fails are allowed more than 20 times in 10 minutes (because there may be 40+ different people trying to log in at one IP address)
B) But any login attempt made from an unknown (not primary) IP address is automatically questioned and is limited to 3 login failures in 3 minutes, then it is blocked. Since a cell phone stores the password, this would not impact most email clients on cell phones.

C) AND, if a primary IP address gets blocked, an email alert is sent to me, the system admin. This way I can investigate immediately, as the client is sure to be calling for support since their primary site is locked out.

www.HawaiianHope.org - Providing technology services to non profit organizations, low income families, homeless shelters, clean and sober houses and prisoner reentry programs. Since 2015, We have refurbished over 11,000 Computers !
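
The policy proposed in points A, B and C above, sketched as an added example (not part of the original post and not any mail server's own code). The class name, the `PRIMARY` table, the documentation-range addresses, blocking when the failure count reaches the limit, and tracking per (domain, IP) pair are all assumptions made for illustration.

```python
import ipaddress
import time
from collections import defaultdict, deque

# Constructed sample data: primary networks per domain (documentation ranges).
PRIMARY = {"example.org": ["203.0.113.10/32", "198.51.100.0/29"]}
# (max failures, window in seconds): 20 in 10 minutes vs 3 in 3 minutes.
POLICY = {"primary": (20, 600), "unknown": (3, 180)}


class TieredLoginThrottle:
    """Hypothetical tiered failure limiter; a primary IP is trusted more, never exempt."""

    def __init__(self, primary, policy=POLICY, alert=print):
        self.primary = {d: [ipaddress.ip_network(n) for n in nets]
                        for d, nets in primary.items()}
        self.policy = policy
        self.alert = alert                   # callback standing in for the admin email
        self.failures = defaultdict(deque)   # (domain, ip) -> failure timestamps
        self.blocked = set()

    def tier(self, domain, ip):
        # Trust is scoped to the domain: an IP that is primary for one
        # domain is still "unknown" when it targets another domain.
        addr = ipaddress.ip_address(ip)
        nets = self.primary.get(domain, [])
        return "primary" if any(addr in n for n in nets) else "unknown"

    def record_failure(self, domain, ip, now=None):
        """Record one failed login; return True if this IP is now blocked."""
        now = time.time() if now is None else now
        key = (domain, ip)
        if key in self.blocked:
            return True
        tier = self.tier(domain, ip)
        limit, window = self.policy[tier]
        q = self.failures[key]
        q.append(now)
        while q and q[0] <= now - window:    # drop failures outside the window
            q.popleft()
        if len(q) >= limit:
            self.blocked.add(key)
            if tier == "primary":            # point C: tell the admin at once
                self.alert(f"primary IP {ip} for {domain} blocked")
            return True
        return False
```

Passing `now` explicitly lets the limiter be replayed over timestamps from an existing authentication log to see which addresses the thresholds would have blocked before enforcing them.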

John Quest Replied
IMHO, as a 25 year network administrator of which being an email server administrator is part of it, my recommendation and suggestion is that all email servers are behind a firewall. 

Then, the firewall can watch the traffic.

Your idea about known and unknown external IP addresses on the Internet would have to be done via some sort of database and constant watching and checking and reading and writing and such.

That is way beyond the scope of an email server. 

Yes, if you only have 50 users accessing email, that seems to be doable. BUT, you must remember, it must also be scalable to say 5,000 users accessing email at which point it is practically impossible for any sort of feature of an email server to keep up with.

Just my 2 cents, which really is not worth much at all.
