Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » Security problem and Memory leak
  •  
pwilson

Messages: 1
Karma: 0
Send a private message to this user
First of all I am running 6.0.4 on OS X server. I like to stay a couple of updates behind because I've had problems before of immediately updating to the lastest version of something. The newest versions don't address these problems anyway.

Problem 1: Memory leak--After checking my e-mail from home using IMAPS and logging off, Kerio MS will still show that connection as an active connection in the status section. I have a list of old connections that don't go away unless the server is restarted.

Problem 2: I would like to deny IP ranges instead of only allowing them. Someone in China is trying to hack into the server by using SMTP with an assortment of usernames. Their IP address changes after a number of failed attempts. How do I block a range of addresses? Not just from relaying mail, but logging in at all.

Request 1: In the active connections I would like to be able to select a user and delete the connection. (This would help with the first 2 problems.)

Request 2: I would like to be able to copy and paste or export log text.

Thanks,
Perry
  •  
jledbett

Messages: 61
Karma: 0
Send a private message to this user
I've never used OS X, but I would think that blocking addresses completely would be more up to the OS or third party rather than the mail server. Some sort of software firewall?

James
  •  
sonofcolin

Messages: 483
Karma: 0
Send a private message to this user
Quote:

Problem 1: Memory leak--After checking my e-mail from home using IMAPS and logging off, Kerio MS will still show that connection as an active connection in the status section. I have a list of old connections that don't go away unless the server is restarted.



I told support about this a long time ago in conjunction with another Entourage issue and I was told to alter the MTU of our wireless clients!!! If you are using wireless connections to your KMS then this can be a real problem! I have seen hundreds of lingering connections in the admin. It really needs to be looked into.
  •  
markflo

Messages: 10
Karma: 0
Send a private message to this user
How about setting Entourage to only send one request to the server at a time. That seems to help with my Mac clients using Entourage 2004 on KMS 5.7.10. It's under the "Options" tab in the Entourage account settings -- make sure "Send commands to server simultaneously" is UNCHECKED.
  •  
freakinvibe

Messages: 1553
Karma: 62
Send a private message to this user
Problem 2: I had the same problem. Lots of security log entries from a Chinese IP address range, trying some user names and passwords.

I don't think you can stop this in KMS. You must do that on your firewall. I did it like this and..... no entries in security log anymore.

Regards, Pascal
  •  
DrFix

Messages: 13
Karma: 0
Send a private message to this user
I've looked at the security logs and found numerous failed attempts using a variety of names.... either with info, admin, support etc. etc. The majority being, surprise, from Asia. They appear to be bots of some sort since nobody I know would sit down and repeatedly type in a dozen times the same address only seconds appart.

What I'd like to see is the capability of having these attempts automatically entered into your own custom black list for later forensic examination and if its innocent than you can remove them while the rest can spend their time in blacklist hell. I've the server set to deny attempts after a low fixed amount of failures but from the log files I saw dozens of attempts! Whats up with that?

Also, the ability to have these logs emailed to the admin, preferably in some format other than just plain text, on a scheduled or customised time frame. My firewall does the email gig but unfortunately its just a dump and a real pain in the butt to pull out patterns of abuse.

[Updated on: Fri, 28 January 2005 15:34]

Previous Topic: **SPAM** comming through if relayed.
Next Topic: 2 mail accounts using KMC
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Tue Nov 21 03:47:34 CET 2017

Total time taken to generate the page: 0.00453 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.