Disable external SMTP authentication
I am getting a lot of cPHulk messages saying that an SMTP server is under brute force attack. They try from one IP for a while, then try from another, then another.
This particular server sends and receives very little email. While I do need to allow outside servers to perform callouts, I do not believe I have ANY reason to allow SMTP authentication to this server.
So how would I block all SMTP authentication attempts? It would be nice if I could add an IP or RDNS whitelist just in case.
If it were not for callouts, I could probably block all inbound port 25 attempts.
Thank you!
[quote="vanessa, post: 1616181"]This post may be relevant, though you'd need to alter the proposed solution slightly:[/quote]
Almost, but that thread is from 2006, and the exim configs have changed an awful lot since then.
The thread referenced, while outdated, still provides the general idea of modifying the "Accept Hosts" entry. Also, have you considered using a firewall management tool such as CSF to block connections to specific ports or to block full IP ranges from accessing those ports? Thank you.
But "accept hosts" is used in the advanced config several times. So far, I think I would have to replace the "default_check_message_pre" section, but I could be incorrect. Blocking inbound port 25 via the firewall would not meet the requirements, because it would break the server's ability to receive mail, or receive callout requests.