IMAP Brute-Force Protection
IMAP Protection Overview
RdpGuard provides effective protection
for your IMAP server against brute-force attacks.
It does so by monitoring the IMAP port(s) or logs on your server and automatically blocking
the attacker's IP address when the number of failed authentication attempts from a single IP
address reaches a pre-set limit.
Follow the instructions below to learn how to enable and configure IMAP protection using RdpGuard.
To Enable and Configure IMAP Protection
Start RdpGuard Dashboard and click on the link next to IMAP
IMAP Protection Link in RdpGuard Dashboard
The IMAP Settings dialog will open:
IMAP Detection Engine Settings
Monitoring method for IMAP protocol
The following monitoring methods are supported for IMAP protocol:
Log based monitoring
The recommended default option for IMAP monitoring is via Logs. This method works by monitoring specific IMAP server logs
and is more resource-efficient than monitoring traffic.
Additionally, it supports SSL/TLS connections and username detection.
IMAP Server
The following IMAP servers are supported for now:
Log files directory
Specify log files directory used by selected IMAP server.
Traffic based monitoring
The second option for IMAP monitoring is via traffic. This method works with any IMAP server,
but uses more resources than monitoring via logs.
It's worth noting that this method doesn't support SSL/TLS connections or username detection
IMAP Monitoring via Traffic
The following traffic based monitoring methods are supported
-
WinPcap
- Works on all Windows Editions, WinPcap must be installed.
-
Raw Sockets - Does not work on Windows Server 2008 or with firewalls.
IMAP port
You may specify multiple comma-separated ports for IMAP traffic monitoring.
|
