Intercepting SMTP Auth Failed

Use this forum to post questions relating to WinGate, feature requests, technical or configuration problems

Moderator: Qbik Staff

Intercepting SMTP Auth Failed

Postby damien » Dec 29 15 11:12 pm

Hi

I would like to blacklist the IPs failing to authenticate too often. How can I do that ?

Is there a way to intercept "SMTP AUTH failed" with SMTP Policies ?

Thanks for answer

Best regards

Damien
damien
 
Posts: 24
Joined: Apr 02 13 10:22 pm

Re: Intercepting SMTP Auth Failed

Postby adrien » Dec 30 15 10:19 am

HI Damien

The enterprise version pushes an event when an auth fails (Users and Groups: AuthFailed), this could be used to track the offending IP address.

Regards

Adrien
adrien
Qbik Staff
 
Posts: 5270
Joined: Sep 03 03 2:54 pm
Location: Auckland

Re: Intercepting SMTP Auth Failed

Postby damien » Jan 10 16 10:48 pm

Hi

If someone needs that kinf of feature, I did it by using 2 policies binded to 2 SMTP events : ClientConnect & MessageReceived

The first one, checks if IP is blacklisted and, if not, increases a counter.
If the counter reaches a max value, IP is added to the blacklist table.

If an AUTH FAILED event has occured, the process stops here.

The second one occures when a mail was received. This means that sender is valid => counter is reset to 0.

Best regards
damien
 
Posts: 24
Joined: Apr 02 13 10:22 pm

Re: Intercepting SMTP Auth Failed

Postby ChadRA » Mar 03 19 6:57 am

Hi damien,

I know this thread is quite old, but what you have done seems to be what I would like to do... basically automate the blacklisting of all those IP addresses which continually attempt to use the Wingate email server.
Would it be possible to provide a bit more detail on what you have done, i.e. how does the one policy check if the IP is already blacklisted? Are you using the one of the available data lists (Banned Sites? Blocked URLs?) or have you created your own data list for this?

Thanks,
Chad.
ChadRA
 
Posts: 29
Joined: Oct 07 03 1:53 pm

Re: Intercepting SMTP Auth Failed

Postby adrien » Mar 06 19 8:33 am

you can create new lists by just trying to access it from script, and you can add items and check.

so for example script of

Data.GetList("SMTP blocked IPs").Add(Session.ClientIp)

will add the client IP to the list, and create the list of that name if it didn't previously exist. You can check whether an IP is in a list using the data list check item, or in script. e.g.

Jscript:

if(Data.GetList("SMTP blocked IPs").Contains(Session.ClientIp))
{
}

LUA:

if(Data.GetList("SMTP blocked IPs").Contains(Session.ClientIp)) then

end
adrien
Qbik Staff
 
Posts: 5270
Joined: Sep 03 03 2:54 pm
Location: Auckland


Return to WinGate

Who is online

Users browsing this forum: No registered users and 1 guest

cron