SMTP Brute-Force Protection
RdpGuard helps you protect your SMTP server from brute-force attacks. It monitors SMTP port and blocks attackers IP addresses when the number of failed authentication attempts reaches the set limit. Check out the instructions below to learn how to enable and configure SMTP brute-force protection.
To Enable and Configure SMTP Protection
Start RdpGuard Dashboard and click on the link next to SMTP
SMTP Protection Link in RdpGuard Dashboard
SMTP Settings dialog will open:
SMTP Detection Engine Settings
Monitoring method for SMTP protocol
The following monitoring methods are supported for SMTP protocol:
- Traffic based monitoring
- Log based monitoring
Traffic based monitoring works with any SMTP servers, SSL/TLS connections are not supported.
Log based monitoring works with particular SMTP server's logs. SSL/TLS connections are supported.
Traffic based monitoring
The following traffic based monitoring methods are supported
- Raw Sockets - Does not work on Windows Server 2008 or with firewalls.
- WinPcap - Works on all Windows Editions, WinPcap must be installed.
You may specify multiple comma-separated ports for SMTP traffic monitoring.
Log based monitoring
Log based SMTP Monitoring
The following SMTP servers are supported for now:
- Kerio Connect
Log files directory
Specify log files directory used by selected SMTP server.