Prevent account aliases from accessing IMAP and other services

I noticed a great and increasing amount of brute force hack attempts on account aliases on my Axigen server.
This means that bots are trying to access IMAP accounts with alias e-mail addresses.

I’m using aliases as a means to fight spam, but now I realise I’ve increased the vulnerability to attacks on other services.

Is it possible to restrict IMAP (and other services) access to just premium account addresses and thus not allow the use of aliases for IMAP access?

Cheers,
-Ton.

Hello,

In Axigen 10.2.2 you may disable alias logins at server level (will affect all services and all users) using the below CLI commands:

<#> config server
<server#> set allowAliasLogins no
<server#> save config

Also you may restrict the access to a certain service (IMAP, POP3, Webmail, etc) for:

  • a single account -> from Webadmin -> Domains & Accounts -> Manage Accounts -> edit the desired account -> General -> Services section
  • a group of accounts through “account classes” -> from Webadmin -> Domains & Accounts -> Account Classes -> edit the desired account class -> General -> Services section
  • an entire domain -> from Webadmin -> Domains & Accounts -> Manage Domains -> edit the desired domain -> Account Defaults -> General -> Services section

Thanks very much Florin!

I changed the value of “allowAliasLogins” to “no” and that solved my problem.

But I was not able to change it from the CLI, like you suggested. I get these responses:

<server#> set allowAliasLogins no
+OK: command successful
<server#> save config
+OK: command successful

But when I check axigen.cfg the value of “allowAliasLogins” remains “yes”.
So I changed the value directly in the axigen.cfg file.

Cheers!
-Ton.

Hi,

You may try using the “commit” command before “save config”:

<#> config server
<server#> set allowAliasLogins no
<server#> commit
<#> save config

Regards,
Florin

Thanks again, Florin. You were quite right, the “commit” command did it.

Cheers,
-Ton.
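
A check for the situation described in this thread, where "set" and "save config" both answered "+OK" but axigen.cfg still held "yes" (an added example, not part of the original posts and not Axigen's own tooling). The path to axigen.cfg is passed as an argument, and the one-line "allowAliasLogins <value>" layout, with an optional "=" or ":" and optional quotes, is an assumption about the file format.

```shell
#!/bin/sh
# Added example: confirm that allowAliasLogins was persisted as "no".
# Assumption: the setting sits on one line as the key followed by its value,
# optionally separated by "=" or ":" and optionally quoted. Adjust the sed
# pattern if the real axigen.cfg layout differs.

# alias_login_value FILE
# Prints the last uncommented value of allowAliasLogins, lower-cased.
alias_login_value() {
    sed -n 's/^[[:space:]]*allowAliasLogins[[:space:]]*[=:]\{0,1\}[[:space:]]*"\{0,1\}\([A-Za-z]*\).*/\1/p' "$1" \
        | tail -n 1 | tr 'A-Z' 'a-z'
}

# check_alias_logins FILE
# Returns 0 if alias logins are disabled, 1 if they are still enabled,
# 2 if the file is unreadable or the key was not found.
check_alias_logins() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    value=$(alias_login_value "$1")
    case "$value" in
        no)  echo "allowAliasLogins = no (alias logins disabled)"; return 0 ;;
        yes) echo "allowAliasLogins = yes (change was not persisted)"; return 1 ;;
        *)   echo "allowAliasLogins not found in $1" >&2; return 2 ;;
    esac
}

# Run the check when a config path is given on the command line.
if [ "$#" -gt 0 ]; then
    check_alias_logins "$1"
fi
```

Run it against the saved configuration file after "save config"; exit status 1 means the running change never reached disk.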