While investigating, I implemented a simple lock. I'm in Denmark, my family is in Denmark, my Server is in Denmark. ERGO... I only allow Danish IP address access.
Well, with modifications. Port 25 SMTP I have set in hmailserver.ini to NOT allow login, so this is safe for everyone to use... PLUS I should be able to receive emails from the rest of the world

While trolling the 'net for similar observations I came across this one. Different OS and different server but SIMILAR problem!
https://steve.tty.org.uk/2017/05/08/a-v ... w-bot-net/
My initial observations:
1- The same IPAddress connect every 20'ish minute
2- Try 1: IMAP login <user>@<domain>
3- Try 2: IMAP login <user>
4- IPAddress may try different users from "session to session"
5- Different IPAddresses from all over the globe may try the same <user>
6- Since it is a low frequency connection, it is difficult for AutoBan to catch the problem, so they can try forever ...

There are two Quick-Fix'es to the problem.
1: hMailAdmin: Enable Auto-Ban.
Max invalid logon: 1 (maybe 2 if you are a kind person)
Minutes before reset: 1440
Minutes to auto-ban: 10080
This will slowly start to fill up your Auto-Ban list ...

2: My own Quick-Fix "bolt on the door"
Code: Select all
Sub OnClientConnect(oClient)
'
' Exclude local LAN from test
'
If (Left(oClient.IPAddress, 10) = "192.168.0.") Then Exit Sub
'
' Only allow login from DK (208)
' Lookup appropriate code here -> https://www.iso.org/obp/ui/
'
Dim strRegEx : strRegEx = "(999|208)"
If (oClient.Port <> 25) Then
If Not Lookup(strRegEx, NerdLookup(oClient.IPAddress)) Then
Result.Value = 1
Exit Sub
End If
End If
End Sub
'
' System Scripting Runtime COM object ("SScripting.IPNetwork")
' http://www.netal.com/ssr.htm
' Binary -> http://www.netal.com/software/ssr15.zip
'
' http://countries.nerd.dk/isolist.txt
'
Function NerdLookup(strIP)
Dim a
a = Split(strIP, ".")
With CreateObject("SScripting.IPNetwork")
strIP = .DNSLookup(a(3) & "." & a(2) & "." & a(1) & "." & a(0) & ".zz.countries.nerd.dk")
End With
If strIP = "" Then
NerdLookup = "999"
Else
a = Split(strIP, ".")
NerdLookup = CStr(a(2)*256 + a(3))
End If
End Function
Function Lookup(strRegEx, strMatch)
With CreateObject("VBScript.RegExp")
.Global = False
.Pattern = strRegEx
.IgnoreCase = True
If .Test(strMatch) Then
Lookup = True
Else
Lookup = False
End If
End With
End Function