Levan

Concern regarding SMTP security.
I use IP restrictions to prevent relay,
restricting relay to certain IP addresses.
I was concerned this morning when I noted in the warning log the following entry.

WARNING LOG
[07/Jan/2009 03:05:59] SMTP: User admin<_a.t_>ascotvetsurgery.com.au doesn't exist. Attempt from IP address 220.132.164.157
SEC LOG
[07/Jan/2009 03:06:05] Failed SMTP login from 220-132-164-157.hinet-ip.hinet.net

I considered any login/password based system to have two levels of security.
1. The usernames aren't published anywhere too accessible and
2. Robust passwords.

But what I don't get here is that the IP address involved would normally be restricted from a relay, so why are we seeing an apparent login attempt... where the hacker is testing usernames.

I would have thought this would be restricted at the IP level and not wait to reject the login based on USERNAME.


TorW

Until the connecting party actually tries to relay, how will KMS know whether to reject it or not? Relaying is by definition the sending of email to a non-local address through your server, and in this case, no non-local address was given.

If the hacker had succeeded in guessing a username and password, only then would the relay attempt have been stopped. Until that happens, KMS cannot know what the IP is up to. I'd say this is a good enough way to reject relay attempts.

Remember that a legal user will also do SMTP AUTH if the server demands it, even if he/she subsequently sends mail to a local address.

This is the exact reason message submission (RFC2476) was introduced 10 years ago, so that nobody had any reason to do AUTH on port 25, but instead do it on port 587. Kerio doesn't support SMTP AUTH on port 587 though, only SMTP-SSL on the ancient and deprecated port 465.
Levan

I see your point regarding the relay IP sec.

I don't bother with SMTP AUTH (in the relay options) because I limit it to IPs.

Frick, I am going to watch the SMTP debug logs and see what's going on.
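
Added example (not part of the thread and not Kerio tooling): a Python sketch that correlates the warning-log and security-log entries quoted above, so that sources probing many nonexistent usernames over SMTP AUTH stand out. It assumes both logs use exactly the two line formats shown in the first post; the function names, the 30-second window and every log line marked as constructed are illustrative.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Line formats are assumed to be exactly the two shown in the thread.
FMT = "%d/%b/%Y %H:%M:%S"
TS = r"\[(\d{2}/\w{3}/\d{4} \d{2}:\d{2}:\d{2})\] "
UNKNOWN_USER = re.compile(TS + r"SMTP: User (\S+) doesn't exist\. Attempt from IP address (\S+)")
FAILED_LOGIN = re.compile(TS + r"Failed SMTP login from (\S+)")

def same_source(host, ip):
    # Heuristic: the security log names the IP itself or a PTR name embedding it.
    return host == ip or host.startswith(ip.replace(".", "-"))

def summarize(warning_lines, security_lines, window=timedelta(seconds=30)):
    """Group unknown-user probes and failed logins by source address."""
    sources = defaultdict(lambda: {"unknown_users": set(), "failed_logins": 0})
    probes = []  # (timestamp, ip) of every unknown-user warning
    for line in warning_lines:
        m = UNKNOWN_USER.search(line)
        if m:
            sources[m[3]]["unknown_users"].add(m[2])
            probes.append((datetime.strptime(m[1], FMT), m[3]))
    for line in security_lines:
        m = FAILED_LOGIN.search(line)
        if m:
            ts, host = datetime.strptime(m[1], FMT), m[2]
            # Attribute to a probing IP when time and name agree, else keep the host.
            key = next((ip for pts, ip in probes
                        if abs(ts - pts) <= window and same_source(host, ip)), host)
            sources[key]["failed_logins"] += 1
    return dict(sources)

def enumerators(sources, min_users=3):
    """Sources that tried at least min_users distinct nonexistent usernames."""
    return sorted(s for s, d in sources.items() if len(d["unknown_users"]) >= min_users)

WARNING_LOG = [  # first line is from the thread; the rest are constructed
    "[07/Jan/2009 03:05:59] SMTP: User admin<_a.t_>ascotvetsurgery.com.au doesn't exist. Attempt from IP address 220.132.164.157",
    "[07/Jan/2009 04:10:01] SMTP: User admin@example.com doesn't exist. Attempt from IP address 203.0.113.7",
    "[07/Jan/2009 04:10:09] SMTP: User info@example.com doesn't exist. Attempt from IP address 203.0.113.7",
    "[07/Jan/2009 04:10:17] SMTP: User test@example.com doesn't exist. Attempt from IP address 203.0.113.7",
]
SECURITY_LOG = [  # first line is from the thread; the rest are constructed
    "[07/Jan/2009 03:06:05] Failed SMTP login from 220-132-164-157.hinet-ip.hinet.net",
    "[07/Jan/2009 04:10:03] Failed SMTP login from 203.0.113.7",
    "[07/Jan/2009 09:30:00] Failed SMTP login from mail.example.net",
]
```

Calling `enumerators(summarize(WARNING_LOG, SECURITY_LOG))` returns the sources worth blocking at the firewall or rate-limiting, since the relay IP restriction discussed above is only evaluated after AUTH.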