Automatic Block Mail Account (distributed SMTP Logins)

Posted: 17 Jan 2014, 13:49
by shenzy
Hello,
The option to block distributed SMTP logins is very useful, but some advanced option is needed to permit the automatic block of an email account involved in "more than X" continuous distributed SMTP logins.

For example, I have configured the distributed SMTP logins detection to 3 different IPs. Recently I received from my server over 15 continuous mails alerting for distributed SMTP logins for the account "personal.mail@somedomain.com". Example of these mails:
Mail N°1:
Time: Thu Jan 16 17:36:25 2014 -0300
IP: distributed SMTP Logins on account [personal.mail@somedomain.com]
Failures: 3
Interval: 300 seconds
Blocked: Temporary Block

IP Addresses Blocked:

188.209.248.11 (MD/Moldova, Republic of/11-248-209-188.globnet.md)
178.123.49.226 (BY/Belarus/-)
95.79.183.21 (RU/Russian Federation/dynamicip-95-79-183-21.pppoe.nn.ertelecom.ru)

Mail N°2:
Time: Thu Jan 16 17:39:51 2014 -0300
IP: distributed SMTP Logins on account [personal.mail@somedomain.com]
Failures: 3
Interval: 300 seconds
Blocked: Temporary Block

IP Addresses Blocked:

37.45.119.213 (BY/Belarus/-)
37.215.15.155 (BY/Belarus/-)
176.96.226.65 (RU/Russian Federation/-)

Mail N°2:
Time: Thu Jan 16 17:49:41 2014 -0300
IP: distributed SMTP Logins on account [personal.mail@somedomain.com]
Failures: 3
Interval: 300 seconds
Blocked: Temporary Block

IP Addresses Blocked:

109.165.54.194 (RU/Russian Federation/194.54.165.109.donpac.ru)
178.122.195.166 (BY/Belarus/-)
77.66.241.64 (RU/Russian Federation/-)
These 3 mails were received in a very short time, each one for 3 different IPs, for a total of 9 different IPs.
It would be useful if the system, on detecting three or more consecutive distributed SMTP logins, proceeded to change the password for the email account to prevent other accesses.

Re: Automatic Block Mail Account (distributed SMTP Logins)

Posted: 05 Jun 2015, 11:40
by Miron
Hello,

Have you found a way to automatically change the email account password on continuous distributed SMTP logins?

Can we request this as a new feature?

[ ] Change email account password when more than "X" continuous distributed smtp logins are detected in last "X" seconds

[ ] Send email alert

[ ] Exclude counting distributed logins from some IP, IP range/s or Hostname/s, like *.google.com (when client is using Gmail for sending mails via email account)
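
The counting and exclusion logic requested in this thread, sketched over alert mails in the format quoted in the first post. This is an added example, not part of the thread and not the firewall's own code. The function names, the `max_alerts`/`window_s` parameters, the `*.relay.example.net` pattern and the sample accounts and IPs are assumptions made for the sketch; the timestamps follow the three alerts quoted above.

```python
import re
from datetime import datetime, timedelta
from fnmatch import fnmatch
from ipaddress import ip_address, ip_network

# Matches one alert mail in the format quoted in the first post.
ALERT_RE = re.compile(
    r"Time: *(?P<time>[^\n]+?) *\n"
    r"IP: distributed SMTP Logins on account \[(?P<account>[^\]]+)\]"
    r".*?IP Addresses Blocked:\s*(?P<ips>(?:\S+ \([^\n]*\)\n?)+)", re.S)
IP_RE = re.compile(r"^(\S+) \([^/]*/[^/]*/([^)]*)\)", re.M)  # -> (ip, rDNS)

def parse_alerts(text):
    """Return [(time, account, [(ip, rdns), ...])] sorted by time."""
    out = []
    for m in ALERT_RE.finditer(text):
        when = datetime.strptime(m["time"], "%a %b %d %H:%M:%S %Y %z")
        out.append((when, m["account"], IP_RE.findall(m["ips"])))
    return sorted(out, key=lambda a: a[0])

def is_excluded(ip, rdns, host_globs, networks):
    # rDNS in the alert is not forward-confirmed; prefer network ranges.
    return (any(fnmatch(rdns, g) for g in host_globs)
            or any(ip_address(ip) in ip_network(n) for n in networks))

def accounts_to_lock(alerts, max_alerts, window_s, host_globs=(), networks=()):
    """Accounts with more than max_alerts alerts inside window_s seconds."""
    recent, flagged = {}, set()
    for when, account, ips in alerts:
        if all(is_excluded(ip, r, host_globs, networks) for ip, r in ips):
            continue  # alert caused only by allowlisted relays
        times = recent.setdefault(account, [])
        times.append(when)
        times[:] = [t for t in times if t >= when - timedelta(seconds=window_s)]
        if len(times) > max_alerts:
            flagged.add(account)  # candidate for a password reset or suspend
    return flagged

def _mail(t, acct, ips):  # builds one constructed sample alert
    return (f"Time: {t}\nIP: distributed SMTP Logins on account [{acct}]\n"
            "Failures: 3\nInterval: 300 seconds\nBlocked: Temporary Block\n\n"
            "IP Addresses Blocked:\n\n" + "\n".join(ips) + "\n\n")

# Constructed sample: documentation IP ranges and example.com accounts.
TIMES = ["Thu Jan 16 17:36:25 2014 -0300", "Thu Jan 16 17:39:51 2014 -0300",
         "Thu Jan 16 17:49:41 2014 -0300"]
SAMPLE = "".join(
    _mail(t, "a@example.com", [f"203.0.113.{i} (ZZ/Test/-)", f"203.0.113.{i+50} (ZZ/Test/-)"])
    + _mail(t, "b@example.com", [f"198.51.100.{i} (ZZ/Test/out{i}.relay.example.net)"])
    for i, t in enumerate(TIMES, 1))
```

What happens to a flagged account (password change, suspension, alert mail) is left to the caller, since that step depends on the mail server or control panel in use.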

Re: Automatic Block Mail Account (distributed SMTP Logins)

Posted: 07 Mar 2018, 13:40
by stormy
This would be a FANTASTIC feature. Distributed attacks are getting more and more frequent.