Skip to main content

Reject smtpauth requests for non existent email accounts

Comments

3 comments

  • cPRex Jurassic Moderator
    Hey there! I'm not thinking of any obvious ways to stop this faster than their authentication failing. The firewall system doesn't know about the email accounts available on the server, so when they attempt an authenticated session that will fail, but does use up those resources in the meantime. Do you have cPHulk enabled so it can at least block any IP addresses that have failed multiple times?
    0
  • HowardE
    Hey there! I'm not thinking of any obvious ways to stop this faster than their authentication failing. The firewall system doesn't know about the email accounts available on the server, so when they attempt an authenticated session that will fail, but does use up those resources in the meantime. Do you have cPHulk enabled so it can at least block any IP addresses that have failed multiple times?

    Yes, cPHulk is enabled, and the one actually passing the smtpauth attack IP block on to the CSF firewall. The lack of obvious answers is why I posted here. :)
    0
  • cPRex Jurassic Moderator
    I don't personally know of a better or more efficient way to handle that type of traffic. Maybe a tool like Cloudflare has protection for that, but I'm not certain if that is something that would fall under their protection.
    0

Please sign in to leave a comment.