I noticed a great and increasing amount of brute force hack attempts on account aliases on my Axigen server.
This means that bots are trying to access IMAP accounts with alias e-mail addresses.
I’m using aliases as a means to fight spam, but now I realise I’ve increased the vulnerability to attacks on other services.
Is it possible to restrict IMAP (and other services) access to just premium account addresses and thus not allow the use of aliases for IMAP access?
In Axigen 10.2.2 you may disable alias logins at server level (will affect all services and all users) using the below CLI commands:
<#> config server
<server#> set allowAliasLogins no
<server#> save config
Also you may restrict the access to a certain service (IMAP, POP3, Webmail, etc) for:
a single account -> from Webadmin -> Domains & Accounts -> Manage Accounts -> edit the desire account -> General -> Services section
a group of accounts through “account classes” -> from Webadmin -> Domains & Accounts -> Account Classes -> edit the desire account class -> General -> Services section
an entire domain -> from Webadmin -> Domains & Accounts -> Manage Domains-> edit the desire domain -> Account Defaults -> General -> Services section