Brute-force protection for Post Office Protocol V3 (POP3). How to stop dictionary-based attacks on POP3 protocol.

POP3 Brute-Force Protection.

The Post Office Protocol (POP) is an application-layer protocol used by e-mail clients to retrieve e-mail from a server.

The very first version of the protocol (POP1) was described in RFC 918 in 1984. One year later, in 1985, the second version of the protocol (POP2) was introduced by RFC 937. POP version 3 (POP3) is the most recent version of the protocol was originated with RFC 1081 in 1988.

During the last 10 years POP3 has been superseded by the Internet Message Access Protocol (IMAP). But, after 30 years of the introduction, POP3 is still used on many servers around the globe.

The protocol was the subject of interest from the hackers and security experts many times. In result, multiple tools for POP3 brute-forcing are freely available on the Internet.

If POP3 ports are open on your server, you may notice repeating entries in your logs like below:

"POP3D"	"SENT: +OK POP3"
"POP3D"	"RECEIVED: CAPA"
"POP3D"	"SENT: +OK CAPA list follows[nl]USER[nl]UIDL[nl]TOP[nl]."
"POP3D"	"RECEIVED: USER bob"
"POP3D"	"SENT: +OK Send your password"
"POP3D"	"RECEIVED: PASS ***"
"POP3D"	"SENT: -ERR Invalid user name or password."
"POP3D"	"RECEIVED: USER alice"
"POP3D"	"SENT: +OK Send your password"
"POP3D"	"RECEIVED: PASS ***"
"POP3D"	"SENT: -ERR Invalid user name or password."
"POP3D"	"RECEIVED: USER joe"
"POP3D"	"SENT: +OK Send your password"
"POP3D"	"RECEIVED: PASS ***"
"POP3D"	"SENT: -ERR Invalid user name or password."
"POP3D"	"SENT: +OK POP3"
"POP3D"	"RECEIVED: CAPA"
"POP3D"	"SENT: +OK CAPA list follows[nl]USER[nl]UIDL[nl]TOP[nl]."
"POP3D"	"RECEIVED: USER office"
"POP3D"	"SENT: +OK Send your password"
"POP3D"	"RECEIVED: PASS ***"
"POP3D"	"SENT: -ERR Invalid user name or password."
"POP3D"	"RECEIVED: USER fax"
"POP3D"	"SENT: +OK Send your password"
"POP3D"	"RECEIVED: PASS ***"
"POP3D"	"SENT: -ERR Invalid user name or password.
"POP3D"	"RECEIVED: USER reception"
"POP3D"	"SENT: +OK Send your password"
"POP3D"	"RECEIVED: PASS ***"
"POP3D"	"SENT: -ERR Invalid user name or password."

These attempts usually mean brute-force attack on your POP3 server. They waste your server's resources - bandwidth, RAM, CPU and free disk space.

If some of your POP3 users have weak passwords, attackers may succeed and get access to the user's mailbox.

RdpGuard effectively protects your POP3 server from brute-force attacks.

RdpGuard works with POP3 ports or logs on your server to detect failed login attempts. If the number of failed login attempts from a single IP address reaches a set limit, the attacker's IP address will be blocked.

For Windows Vista/7/8/8.1/10/11 and Windows Server 2008/2012/2016/2019/2022

"This sotware is really great. It's a relief. Because my server is constantly under attack. Thanks RdpGuard" - Joaquim De Sousa Marques

"Nice product. I used to implement something similiar in a low-tech and cumbersome manner via a script called TSBlock (not mine). This makes it much easier and is well worth the pricetag for SMB's." - J. Johnson

"Absolutely amazed at your product. We are a church in the North Dallas area, and I discovered this morning multiple failed logon attempts via our Remote Access Server. A friend suggested your product, so I immediately downloaded the trial. It had a list of about five blocked IP addresses in minutes, and that was enough to lead me to push the BUY button. Over the past 10-15 minutes the list is now about thirty with at least a third being international attempts to break into our system. Thanks for a great product. You may have just saved us much grief." - John Hallford

"Love the software. RDP on our Windows servers is just ridiculous. We would block it in the router but we have lots of old-time customers that would have issues." - Scott Hirsch

"Love the software! Makes it easier than tailoring VB Scripts!!" - Nick Brennan

"It's a great product - really stopping those RDP attackers :-)" - Dave, UK

"First of all: Your application is very (!!!) useful and I like it very much securing my 2012 R2 server. RdpGuard is the best solution, I found on the market and after 10 minutes of testing it I ordered the fully-featured version. :-)" - Carsten Baltes

POP3 Brute-Force Protection.

See Also