SMTP Brute-Force Protection
RdpGuard helps you protect your SMTP server from brute-force attacks. It monitors SMTP port and blocks attackers IP addresses when the number of failed authentication attempts reaches the set limit. Check out the instructions below to learn how to enable and configure SMTP brute-force protection.
To enable SMTP brute-force protection
1. Start RdpGuard Dashboard and click Tools, Options
Click Tools, Options
2. RdpGuard Options dialog will appear, open the Monitoring tab
RdpGuard Monitoring Options
3. Check Enable SMTP protection
4. Click Save. RdpGuard service will be restarted.
SMTP brute-force protection Configuration
1. Click Tools, Options, Monitoring
2. Click the configure.. link:
Click the configure link
SMTP Settings dialog will open:
SMTP Detection Engine Settings
If you are using non-standard SMTP port, please specify it here. You may specify multiple comma-separated ports.
Addresses to monitor
In new versions of RdpGuard we switched from log parsing detection to socket based approach. This allows us to support the Protocol instead of particular software (because logs are software-specific)
RdpGuard listens on the protocol specific ports for an each IP address associated with the machine. This may affect server performance if there are high number of IP addresses associated with the machine.
In order to avoid performance decrease, you may consider limiting the number of ip addresses your SMTP server software is listening on. This could be configured in SMTP server software settings or via firewall rules.
When you done with the SMTP server configuration, you may update addresses to monitor in RdpGuard.
3. Click Save to close this dialog and Save to close the RdpGuard Options dialog.
4. Restart RdpGuard Service via the Tools menu