Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » Block IP after xy failed POP3 or SMTP logins?
  •  
reneS

Messages: 62
Karma: 0
Send a private message to this user
Hello,

I'm looking at my log files and am wondering if it is possible to block an IP address after (for example) 5 failed POP3 or SMTP logins? Now my log file is looking like this:
[16/May/2010 10:13:31] Failed POP3 login from 75.110.229.148, user root<_at_>myDomain.com.
[16/May/2010 10:13:31] Failed POP3 login from 75.110.229.148, user admin<_at_>myDomain.comt.
[16/May/2010 10:13:31] Failed POP3 login from 75.110.229.148, user webmaster<_at_>myDomain.com.
[16/May/2010 10:13:32] Failed POP3 login from 75.110.229.148, user user<_at_>myDomain.com.
[16/May/2010 10:13:32] Failed POP3 login from 75.110.229.148, user test<_at_>myDomain.com.
[16/May/2010 10:13:32] Failed POP3 login from 75.110.229.148, user web<_at_>myDomain.com.
[16/May/2010 10:13:32] Failed POP3 login from 75.110.229.148, user www<_at_>myDomain.com.
... and counting Confused

Am I missing anything here?

Kind regards
René
  •  
TorW

Messages: 769
Karma: 9
Send a private message to this user
Check out fail2ban. It can temporarily block things like this.
http://www.fail2ban.org
  •  
reneS

Messages: 62
Karma: 0
Send a private message to this user
Thank you very much for your fast answer!

But I'm afraid, that I'm not good enough to configure this piece of software. I installed it, but don't know further.
  •  
TorW

Messages: 769
Karma: 9
Send a private message to this user
If you run KMS/KC on something else than Windows, google for "fail2ban kerio". If it's still too hard I suggest you give up.
  •  
reneS

Messages: 62
Karma: 0
Send a private message to this user
As you suggested I did a google search and found a link to this forum:
http://forums.kerio.com/index.php?t=msg&goto=66931&S =adce8cf33359bf1eb37036c7eaeb5242

I'm running my Kerio Connect on Mac OS X 10.6 Server, it looks like this step by step instruction is for Linux. I can copy and paste instructions using OS X Terminal, but I'm afraid that this is to hard for me Sad

Thanks anyway for trying to help me.

Kind regards.
  •  
freakinvibe

Messages: 1540
Karma: 62
Send a private message to this user
My 2 cents: Ignore those warnings. If you have strong passwords, there is no risk of anyone breaking into your system.

I have those attempts from lots of different IP addresses in the warning log every day and it is not a real problem. They are from bots trying to guess weak passwords.

Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
Previous Topic: rsync automated backup permissions
Next Topic: old accounts receive fine, new one cannot
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Tue Oct 17 09:49:20 CEST 2017

Total time taken to generate the page: 0.00426 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.