SMTP Brute-Force Protection
Protection Overview
RdpGuard helps you protect your SMTP server
from brute-force attacks by monitoring the SMTP port or logs for failed authentication attempts.
When the number of failed attempts reaches the set limit, RdpGuard blocks the attacker's IP address.
Check out the instructions below to learn how to enable and configure SMTP brute-force protection.
To Enable and Configure SMTP Protection
Start RdpGuard Dashboard and click on the link next to SMTP.
SMTP Protection Link in RdpGuard Dashboard
The SMTP Settings dialog will open:
SMTP Detection Engine Settings
Monitoring method for SMTP protocol
The following monitoring methods are supported for SMTP protocol:
Log based monitoring
The default option recommended for SMTP monitoring is through Logs.
This method involves monitoring SMTP server logs and is more efficient in terms of resource usage
compared to monitoring network traffic.
Moreover, it also works for SSL/TLS connections and supports detection of usernames.
SMTP Server
The following SMTP servers are supported for now:
Log files directory
Specify the log files directory used by the selected SMTP server.
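The log-based approach described above (count failed authentications per IP address, keep the usernames, flag the address once the limit is reached) can be sketched as follows. This is an added example, not RdpGuard's code: the log line format, the time window, and the name `find_offenders` are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address

# Constructed log format (an assumption, not any real server's format):
#   <date> <time> <client-ip> AUTH user=<name> code=<SMTP reply code>
LINE_RE = re.compile(r"^(\S+ \S+) (\S+) AUTH user=(\S*) code=(\d{3})$")

SAMPLE_LOG = """\
2024-05-01 10:00:01 203.0.113.7 AUTH user=admin code=535
2024-05-01 10:00:03 203.0.113.7 AUTH user=info code=535
2024-05-01 10:00:04 198.51.100.20 AUTH user=alice code=535
2024-05-01 10:00:05 203.0.113.7 AUTH user=sales code=535
2024-05-01 10:00:09 198.51.100.20 AUTH user=alice code=235
2024-05-01 10:45:00 198.51.100.20 AUTH user=alice code=535
this line is malformed and is skipped
"""


def find_offenders(log_text, limit=3, window=timedelta(minutes=10)):
    """Return {ip: sorted usernames tried} for every IP that reaches `limit`
    failed logins (reply code 535) within `window`. Lines must be in time order."""
    recent = defaultdict(deque)  # ip -> (timestamp, username) of recent failures
    offenders = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not an AUTH record in the assumed format
        stamp, ip, user, code = m.groups()
        if code != "535":
            continue  # only failed authentications count toward the limit
        try:
            when = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")
            ip = str(ip_address(ip))  # rejects garbage, normalises IPv6
        except ValueError:
            continue
        q = recent[ip]
        q.append((when, user))
        while when - q[0][0] > window:  # forget failures older than the window
            q.popleft()
        if len(q) >= limit:
            offenders[ip] = sorted({u for _, u in q})
    return offenders
```

With the constructed sample, only 203.0.113.7 reaches the default limit of three failures; the second address has two failures that are 45 minutes apart, so it stays below the limit.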
Traffic based monitoring
Another option for monitoring SMTP is through traffic. This method can be used with any SMTP server,
but requires more resources compared to monitoring through logs.
Please also note that SSL/TLS connections and username detection are not supported.
SMTP Monitoring via Traffic
The following traffic based monitoring methods are supported:
- WinPcap - Works on all Windows Editions, WinPcap must be installed.
- Raw Sockets - Does not work on Windows Server 2008 or with firewalls.
SMTP port
You may specify multiple comma-separated ports for SMTP traffic monitoring.