Community
Should I be worried about this.
Happen 50 to 100 times a day on the same user account. Any advice. Beside deleting the account. I have Fail2Ban installed and it will ban attempts more than 3 from same IP but that is not much defense against a botnet with random IP’s .
Thanks MT1
Hello,
Could you please check one of those SMTP-IN session - like SMPT-IN:00000F46?
If it is on a :25 port listener you may disable authentication on that port, allowing authentication only on :587 or :465 (or any other uncommon port you may have).
At least this is what we are configuring in all of our deployments, keeping port 25 only for receiving messages on non-authenticated sessions (like the one from Internet).
HTH,
Ioan
Ok I am testing your suggestion now.:
I am disabling SMTP Receiving Port 25
Am I understanding correctly?
Thanks for the help.
Well that is not good. As it stopped all incoming (Duh! I knew this) Can you explain a bit more detail what you meant? You are correct it is SMTP-IN session on Port 25
I do not see authentication you speak of to disable.
Thanks.
Ok Thank You, I found a post where you answered this.
.
(See Above) For anyone else searching.
I am give it a try. Thank you for supporting the community!
MT1
Follow-Up 24hr later this fixed the problem Thanks for the help!
MT1
