Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 12 replies
  • Subscribers 1 subscriber
  • Views 3894 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SMTP Login - I hope this is not standard behaviour

eclipse79oldacct
Hello,
In my SMTP proxy I have set 3 hosts in Host Based Relay that are authorized to use the built-in SMTP server. I have noticed that if a user tries to send mail throught Astaro, my asg queries the active directory in order to see if the user is authorized or not to relay, even if its ip address is not listed in Host Based Relay. The result of this is that my astaro was under attack (thousands of smtp transaction, all of these failed cause of unallowed user/password) and my Domain Controller received a lot of query. 

Is it normal? How can I block ip if they fails login attempts?

Thank You
eclipse79


This thread was automatically locked due to age.
Parents
  • 0
    Look on the 'Relaying' tab to be sure you do not have 'Allow authenticated relay' checked.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • 0
    Look on the 'Relaying' tab to be sure you do not have 'Allow authenticated relay' checked.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
  • 0 in reply to BAlfson
    Look on the 'Relaying' tab to be sure you do not have 'Allow authenticated relay' checked.



    Hi bob, 
    My actual configuration is this:

    - 3 hosts allowed to send mail
    - 2 LOCAL users allowed to send mail

    Considering that only LOCAL users are allowed to send mail (so no AD users), in my opinion is not correct that everytime a remote users tries to login astaro contact the AD. I think that the correct flow would be this:

    1) Remote user sends username and password
    2) Astaro checks if username is listed in "Allowed users/ groups"
    2.1) If username is listed, astaro should contact the authentication provider of the user (local provider in case of local user, AD provider in case of remote user)
    2.2) If username is NOT listed, astaro should deny the connection without query to authentication provider.

    What do you think about?

    Anyway, i think that the absence of auto-ban ip address in case of failed logins in a unacceptable lack of security. I request this feaure here:
    http://feature.astaro.com/forums/17359-astaro-gateway-feature-requests/suggestions/690018-ban-ip-address-for-x-minutes-if-login-fails?ref=title
  • 0 in reply to eclipse79oldacct
    Is there a real need to authenticate the two users to allow them to send through your Astaro?  You have two mail servers, yet these users don't have relay rights off either server?  At present, would it work better to NOT allow the users to relay, but to make packet filter rules blocking other port 25 traffic except for these two users?

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    Is there a real need to authenticate the two users to allow them to send through your Astaro?  
    Cheers - Bob


    Hi Bob, unfortunately there is a real need to authenticate the two users because they use mobile phones from internet (the phones are only able to comunicate with SMTP/POP3 account). So my need is real need [:)]
Cookie Information Banner