Product » Xeams » Knowledge Base

Document information

Document ID:5126
Subject:Invalid Login Alerts
Creation date:6/19/17 3:31 PM
Last modified on:6/19/17 3:36 PM


Invalid Login Alerts in Xeams

Similar to any other server facing the Internet, Xeams is vulnerable to attacks from malicious users on the Internet. The most common attack that occur is an attempt to guess a userid/password combination.

Xeams is designed to generate email alerts when such an attack is detected. A sample alert is displayed below.
--------------------------------------------
Automatic alert from Xeams - DO NOT reply   
Host Name:  Xeams.YourCompany.com
IP Address: 192.168.1.100
--------------------------------------------

Too many invalid login attempts made from 100.101.102.103. This IP has been blocked for the 
next 10 minutes. Someone from this IP is trying to connect to the Smtp Server on xeams.yourcompany.com. 
Total attempts so far: 5

Steps you can take

You have several options:
Option 1 - Ignore it
Xeams will automatically block this user from authenticating. Once an IP gets blocked, Xeams will pretend a user id/password is incorrect, even if by chance they use the right combination.

Therefore, if you simply ignore this event the perpetrator will eventually stop.
Option 2 - Block from your firewall
You can block the IP address from hitting the Xeams server from your network firewall. The downside of the technique is that you will have to constantly keep up with the IP addresses they use to hit your server.
Option 2 - Disable SMTP Authentication
If the attack is happening against your SMTP server (port 25) and you know that no valid user will use SMTP Authentication, you can disable this feature in Xeams using the following steps:

  • Login as admin to the web interface
  • Click SMTP Configuration under Server Configuration
  • Un-check Allow SMTP Authentication right below Primary Smtp Port
  • Once this is feature is disabled, no one will be able to use Authentication and therefore attacks will stop, provided they were attacking SMTP port 25




Add a comment to this document

Do you have a helpful tip related to this document that you'd like to share with other users? Please add it below. Your name and tip will appear at the end of the document text.
Your name:
Your email:
Hide my email address
Verification code:
Enter the verification code you see above more submitting your tip
Tip:Please limit tips to 1000 characters