Product » A free email server for Windows and Linux » Knowledge Base
Document information
Document ID: | 5126 |
---|
Subject: | Invalid Login Alerts |
---|
Creation date: | 6/19/17 3:31 PM |
---|
Last modified on: | 9/21/18 10:22 AM |
---|
Invalid Login Alerts in Xeams
Similar to any other server facing the Internet, Xeams is vulnerable to attacks from malicious users on the Internet. The most common attack that occur is an attempt to guess a user ID and password combination.
Xeams is designed to generate email alerts when such an attack is detected. A sample alert is displayed below.
--------------------------------------------
Automatic alert from Xeams - DO NOT reply
Host Name: Xeams.YourCompany.com
IP Address: 192.168.1.100
--------------------------------------------
Too many invalid login attempts made from 100.101.102.103. This IP has been blocked for the
next 10 minutes. Someone from this IP is trying to connect to the Smtp Server on xeams.yourcompany.com.
Total attempts so far: 5
Steps you can take
You have several options:
Option 1 - Ignore it
Xeams will automatically block this user from authenticating. Once an IP gets blocked,
Xeams will pretend a user ID/password is incorrect, even if by chance they use the right combination.
Therefore, if you simply ignore this event the perpetrator will eventually stop.
Option 2 - Block from your firewall
You can block the IP address from hitting the Xeams server from your network firewall. The
downside of the technique is that you will have to constantly keep up with the IP addresses they use to hit your server.
Option 3 - Disable SMTP Authentication
If the attack is happening against your SMTP server (port 25) and you know that no valid user
will use SMTP Authentication, you can disable this feature in Xeams using the following steps:
- Login as admin to the web interface
- Click SMTP Configuration under Server Configuration
- Uncheck Allow SMTP Authentication right below Primary SMTP Port
- Once this feature is disabled, no one will be able to use Authentication therefore attacks will stop, provided they were
attacking SMTP port 25
Add a comment to this document
Do you have a helpful tip related to this document that you'd like to share
with other users?
Important: This area is reserved for useful tips. Therefore, do not post questions here. Instead, use our
public forums to post questions.