ErikH

My feedback

1 result found

  1. 180 votes
    ErikH commented  · 

    Hi Gabriel,

    I have just seen Axigen's posted solution for this major problem that brute force login attacks represent, and that is to force us Windows users to buy a 3rd party product. (Linux users would at least have a free 3rd party solution.) To refer to a 3rd party product for the protection of the Axigen product (that we paid for!!) from one of the most basic problems that ANY account based product/service is facing - login security!!! - is just too much.

    https://www.axigen.com/articles/rdpguard-windows-brute-force-attack-protection_84.html

    I still have not tried one single other mail server that does not have native brute force attack protection built in itself. Except for Axigen!?!

    Axigen probably needs to take a real good look at all its security implementation. I would even imagine GDPR would have some interest in how badly Axigen protects the accounts within its system and the risk for personal data leaks due to this.

    Another example of lacking security I found after I have scrutinized the logs:
    I wonder why the connecting client IP in SMTP receiving is not looked up against DNS blocking lists until after all EHLO commands AND after TLS initialization AND after mail is trying to be sent. Thus not at all for any login attempt.
    I understand that another DNSBL lookup at the time a mail is being proposed for delivery is needed to catch bad sender domains but a DNSBL lookup directly from the connection IP would probably catch most of these anyway along with loads of the brute force login attacks as well.

    Also comparing my settings that only allow 10 new connections per minute from the same IP for SMTP receiving and the flow of connections in the logs I can during a Brute force login attack easily spot 30 or 40 or more connections and login attempts during a minute. So I am wondering if this very weak protection is even doing anything at all!

    BTW, manually managing the built-in access restriction list very soon reveals its limited use, with a maximum count of about 150 addresses. And any manual IP-block management is just close to wasted management.

    I have tried hard to refrain from using bad language but I am really losing my patience here!!!

    Two things that make me stick around. I really like the Web GUI for administration and webmail (Lacking possibility to get popup windows when opening mail is a setback) and I am hoping to help your other customers by trying to make Axigen own up to its very low standard of security and not push its problems under the rug of a 3rd party log scanning product.

    I will send this to Axigen support as well

    ErikH commented  · 

    I'm very sad to see that this request, which is almost 4 years (!!!) old and has been in the top 3 requests for as long as I have seen it, and even at top 1 for a long time, is only at a "Planned" status. Hopefully this page is only lacking an update... the release of the X3 version that "currently" was scheduled to be released Q4 2018, which is half a year ago, feels less than updated.

    I can't help losing hope somewhat here. This is a feature I have seen in practically all competing mail servers for many years.

    I'm growing tired of trying to manually scan log files and add malicious IPs to the blocking lists. I don't want to develop/implement a third party solution for a feature I consider to be mandatory in a mail server (or any system with public login capability). And as a Windows user all the Linux solutions are out of the question anyway.

    As a response to Enea's comment on March 12:
    This situation would be covered by the white list requirement. Simply enter this single IP in the white list. I see no need to develop overcomplicated code to do unnecessary (and potentially risky) handling of passwords.

    ErikH commented  · 

    A bit far off but at least it is good to hear it is in the plan! :-)

    ErikH commented  · 

    I was directed here for my questions about anti-hammering in the Install directory of the Axigen forum.

    Reading this I am really losing my hope here. This question has been up for vote for two and a half years, is at the top of suggestions and Axigen has still not created a function or a viable solution (scanning log files for actions in the firewall is not an acceptable solution). It is the mail server service that has the potential to know about failed logins - NOT the firewall. And the error control and flow control really don't satisfactorily address the problem here.

    For example, one attack a few days back on my mail server resulted in about 800 hammering failed logon tries within 30 minutes from the same IP (new session for each try). That is not much of an attack but still filled my logs with unnecessary junk when I was trying to look for other problems.

    This might be the first mail server I have seen and certainly used that does not have any anti hammering feature.
    Get in the game, Axigen!

    There needs to be an admin-configurable:
    - automatic temporary ban of an IP for x time when x number of failed login attempts in x minutes has been received.
    - automatic temporary lock of users for x time when x number of failed login attempts has been received.

    Black and white lists, of course, for manually configuring IPs and mail addresses/hosts to circumvent the above settings.

    Best regards
    //Erik

    ErikH supported this idea  · 
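
The admin-configurable limits requested in the last comment above (temporary IP ban, temporary account lock, white and black lists) can be sketched as follows. This is an added example, not Axigen code and not part of the original comments; the class name, parameters and sample addresses are assumptions.

```python
from collections import defaultdict, deque

class LoginThrottle:
    """Temporary IP bans and account locks driven by failed logins (hypothetical class)."""

    def __init__(self, max_fails, window, ban_time, whitelist=(), blacklist=()):
        self.max_fails, self.window, self.ban_time = max_fails, window, ban_time
        self.whitelist, self.blacklist = set(whitelist), set(blacklist)
        self.fails = defaultdict(deque)   # key -> timestamps of recent failures
        self.blocked_until = {}           # key -> time the ban or lock expires

    def _blocked(self, key, now):
        return self.blocked_until.get(key, 0) > now

    def allowed(self, ip, user, now):
        """Decide, before the password is checked, whether to accept the attempt."""
        if ip in self.whitelist:          # white list bypasses bans and locks
            return True
        if ip in self.blacklist:
            return False
        return not (self._blocked(("ip", ip), now) or self._blocked(("user", user), now))

    def record_failure(self, ip, user, now):
        """Count a failed login against both the source IP and the account."""
        if ip in self.whitelist:
            return
        for key in (("ip", ip), ("user", user)):
            q = self.fails[key]
            q.append(now)
            while q and q[0] <= now - self.window:   # drop failures outside the window
                q.popleft()
            if len(q) >= self.max_fails:             # threshold reached: ban or lock
                self.blocked_until[key] = now + self.ban_time
                q.clear()

def simulate(throttle, attempts):
    """Replay failed (time, ip, user) attempts; return how many reached the password check."""
    checked = 0
    for now, ip, user in attempts:
        if throttle.allowed(ip, user, now):
            checked += 1
            throttle.record_failure(ip, user, now)
    return checked

# Constructed sample: 800 failed tries in 30 minutes from one IP (documentation address).
ATTACK = [(i * 2.25, "203.0.113.7", f"user{i % 40}") for i in range(800)]
```

With 5 failures per 300 seconds and a one-hour ban, only the first 5 of the 800 constructed attempts reach the password check. The account lock can itself be used to lock out a legitimate user, which is what the white list entry is for.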
