sanja wrote:hello hmailserver community,
i had installed hmail server and configured everything and everything is working correctly. now, i have looked at my server's SMTP log and i can find out the brute force attack was initiated to server but it wasn't went through because of STARTTLS and here is a footprint of attack's log,
attacker -> connected to smtp
server -> replied with 220 status
attacker -> HELO
server -> replied with 250 status
attacker -> AUTH LOGIN
server -> replied with 530 Must issue STARTTLS first.
attacker -> QUIT
server -> replied with 221 goodbye
So, attacker went off simply after 530 status message sent from server.
Now, my question, Is there anyway to block ip in this case automatically ?
i am using STARTTLS on port 25 and above attack is on it. So, guide me through out about all the possible way to prevent above attack.
sanja wrote:okey, i did it and i can see server is now sending 504 Authentication not enabled message to client.. its like solved but is there any way to track ips that are trying to AUTH and block those ips ?
Users browsing this forum: No registered users and 2 guests