Hello,
I have used the Sophos UTM for many years now. For the past few days, I have been having a problem with botnets attempting to authenticate against my email server (hMailServer), which sits behind the Sophos UTM. I have resorted to blocking several countries in the firewall as I can’t seem to find any alternative solution to rectifying this problem. The email server is showing my external IP address for these authentication attempts, so I can’t utilise auto-banning for failed auth, as this will ban my IP instead of the botnet’s IP’s.
Is there a way of preserving the hosts IP and passing that from the UTM to the email server or is there a way of letting the UTM handle authentication to the email server as a proxy? I seen reference to SMTP authentication, but I am not sure if this will resolve my problem or how to set this up.
I only have IMAP, SMTP and secure SMTP enabled. POP3 is not enabled.
Cheers,
Richard
This thread was automatically locked due to age.
 
				 
		 
					 
				 
				