Brute-force protection for your SMTP server. Stop password-guessing attacks on SMTP.
RdpGuard
Intrusion prevention system for your Windows Server
 
Follow:
Twitter
Telegram
Facebook
RSS

SMTP Brute-Force Protection.

Exposing the SMTP (Simple Mail Transfer Protocol) port to the Internet can pose a risk in terms of brute-force attempts - attackers can use automated tools to guess usernames and passwords in order to gain unauthorized access to the SMTP server.

If an attacker is successful in obtaining the username and password for a legitimate user's email account, they can use it to send spam or phishing emails, or to steal sensitive information.

An attacker using an organization's SMTP server to send spam or phishing emails can cause significant harm, such as damaging the organization's reputation and leading to their IP address being blacklisted by email service providers.

If you are running an SMTP server on your Windows Server, you may notice that your SMTP logs contain thousands of lines similar to the following: 

"91.200.12.125" "SENT: 535 Authentication failed. Restarting authentication process."
"91.200.12.125" "RECEIVED: ***"
"91.200.12.125" "SENT: 535 Authentication failed. Restarting authentication process."
"91.200.12.125" "SENT: 220 mailserver.com ESMTP"
"91.200.12.125" "RECEIVED: EHLO User"
"91.200.12.125" "SENT: 250-mailserver.com[nl]250-SIZE 20480000[nl]250-AUTH LOGIN PLAIN[nl]250 HELP"
"91.200.12.125" "RECEIVED: AUTH LOGIN"
"91.200.12.125" "SENT: 334 VXNlcm5hbWU6"
"91.200.12.125" "RECEIVED: aW52ZW50b3J5"
"91.200.12.125" "SENT: 334 UGFzc3dvcmQ6"
"91.200.12.125" "RECEIVED: ***"
"91.200.12.125" "SENT: 535 Authentication failed."
"91.200.12.118" "SENT: 220 mailserver.com ESMTP"
"91.200.12.118" "SENT: 220 mailserver.com ESMTP"
"91.200.12.118" "RECEIVED: EHLO User"
"91.200.12.118" "SENT: 250-mailserver.com[nl]250-SIZE 20480000[nl]250-AUTH LOGIN PLAIN[nl]250 HELP"
"91.200.12.118" "RECEIVED: EHLO User"
"91.200.12.118" "SENT: 250-mailserver.com[nl]250-SIZE 20480000[nl]250-AUTH LOGIN PLAIN[nl]250 HELP"
"91.200.12.118" "RECEIVED: AUTH LOGIN"
"91.200.12.118" "SENT: 334 VXNlcm5hbWU6"
"91.200.12.118" "RECEIVED: AUTH LOGIN"
"91.200.12.118" "SENT: 334 VXNlcm5hbWU6"
"91.200.12.118" "RECEIVED: bGVnZW5k"
"91.200.12.118" "SENT: 334 UGFzc3dvcmQ6"
"91.200.12.118" "RECEIVED: bGVnZW5k"
"91.200.12.118" "SENT: 334 UGFzc3dvcmQ6"
"91.200.12.118" "RECEIVED: ***"
"91.200.12.118" "SENT: 535 Authentication failed. Restarting authentication process."
"91.200.12.118" "RECEIVED: ***"
"91.200.12.118" "SENT: 535 Authentication failed. Restarting authentication process."

These failed authentication attempts represent brute-force attacks on your SMTP server. If your SMTP passwords are not strong enough, spammers may succeed in gaining access and use your server to send spam emails, which can result in your server being blacklisted.

These attacks can also consume your server resources, such as bandwidth, CPU, memory, and free disk space (SMTP logs may grow enormously).

RdpGuard can help you protect your SMTP server from brute-force attacks.

It works with any SMTP server software and can monitor either the SMTP ports or the server logs to detect failed login attempts.

If the number of failed login attempts from a single IP address reaches a set limit (three by default), the attacker's IP address will be blocked.

For Windows Vista/7/8/8.1/10/11 and Windows Server 2008/2012/2016/2019/2022

See Also

How to enable and configure SMTP Brute-Force Protection

RdpGuard 9.9.9 Free Trial

RdpGuard protects:

Social Connection
RdpGuard Logo
 
People like RdpGuard!
Our customers say

"This sotware is really great. It's a relief. Because my server is constantly under attack. Thanks RdpGuard" - Joaquim De Sousa Marques

"Nice product. I used to implement something similiar in a low-tech and cumbersome manner via a script called TSBlock (not mine). This makes it much easier and is well worth the pricetag for SMB's." - J. Johnson

"Absolutely amazed at your product. We are a church in the North Dallas area, and I discovered this morning multiple failed logon attempts via our Remote Access Server. A friend suggested your product, so I immediately downloaded the trial. It had a list of about five blocked IP addresses in minutes, and that was enough to lead me to push the BUY button. Over the past 10-15 minutes the list is now about thirty with at least a third being international attempts to break into our system. Thanks for a great product. You may have just saved us much grief." - John Hallford

"Love the software. RDP on our Windows servers is just ridiculous. We would block it in the router but we have lots of old-time customers that would have issues." - Scott Hirsch

"Love the software! Makes it easier than tailoring VB Scripts!!" - Nick Brennan

"It's a great product - really stopping those RDP attackers :-)" - Dave, UK

"First of all: Your application is very (!!!) useful and I like it very much securing my 2012 R2 server. RdpGuard is the best solution, I found on the market and after 10 minutes of testing it I ordered the fully-featured version. :-)" - Carsten Baltes

Our Other Products
TntDrive
Easily mount Amazon S3 Bucket as a Windows Drive
S3 Browser
Powerful Windows Client for Amazon S3 and Amazon CloudFront
Copyright © 2012-2025 NetSDK Software. All rights reserved.  Terms of Use.  Privacy Policy.