Use this forum to post questions relating to WinGate, feature requests, technical or configuration problems

Intercepting SMTP Auth Failed

Dec 29 15 11:12 pm

Hi

I would like to blacklist the IPs failing to authenticate too often. How can I do that?

Is there a way to intercept "SMTP AUTH failed" with SMTP Policies?

Thanks for the answer

Best regards

Damien

Re: Intercepting SMTP Auth Failed

Dec 30 15 10:19 am

Hi Damien

The enterprise version pushes an event when an auth fails (Users and Groups: AuthFailed); this could be used to track the offending IP address.

Regards

Adrien

Re: Intercepting SMTP Auth Failed

Jan 10 16 10:48 pm

Hi

If someone needs that kind of feature, I did it by using 2 policies bound to 2 SMTP events: ClientConnect & MessageReceived

The first one checks if the IP is blacklisted and, if not, increases a counter.
If the counter reaches a max value, the IP is added to the blacklist table.

If an AUTH FAILED event has occurred, the process stops here.

The second one occurs when a mail was received. This means that the sender is valid => counter is reset to 0.

Best regards

Re: Intercepting SMTP Auth Failed

Mar 03 19 6:57 am

Hi Damien,

I know this thread is quite old, but what you have done seems to be what I would like to do... basically automate the blacklisting of all those IP addresses which continually attempt to use the WinGate email server.
Would it be possible to provide a bit more detail on what you have done, i.e. how does the one policy check if the IP is already blacklisted? Are you using one of the available data lists (Banned Sites? Blocked URLs?) or have you created your own data list for this?

Thanks,
Chad.

Re: Intercepting SMTP Auth Failed

Mar 06 19 8:33 am

You can create new lists by just trying to access them from script, and you can add items and check.

So, for example, a script of

Data.GetList("SMTP blocked IPs").Add(Session.ClientIp)

will add the client IP to the list, and create the list of that name if it didn't previously exist. You can check whether an IP is in a list using the data list check item, or in script. e.g.

JScript:

if(Data.GetList("SMTP blocked IPs").Contains(Session.ClientIp))
{
}

Lua:

if(Data.GetList("SMTP blocked IPs").Contains(Session.ClientIp)) then

end
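
The two-policy scheme described earlier in the thread (count on ClientConnect, reset on MessageReceived, block at a maximum), modelled in plain JavaScript as an added example that is not part of any post and is not WinGate script. The Map and Set stand in for WinGate data lists; the threshold, the function names, the sample events and the choice to reject the connection that reaches the threshold are assumptions.

```javascript
// Added illustration: in-memory model of the thread's two policies.
// Nothing here is WinGate API; names and threshold are hypothetical.
const MAX_ATTEMPTS = 3; // assumed "max value" for the counter

function createTracker(maxAttempts = MAX_ATTEMPTS) {
  const counters = new Map(); // ip -> connects since last received message
  const blocked = new Set();  // stand-in for a "SMTP blocked IPs" data list
  return {
    // Policy 1 (ClientConnect): refuse blocked IPs, otherwise count the connect.
    onClientConnect(ip) {
      if (blocked.has(ip)) return "reject";
      const n = (counters.get(ip) || 0) + 1;
      counters.set(ip, n);
      if (n >= maxAttempts) {
        blocked.add(ip);      // counter reached the max: add to the blocklist
        counters.delete(ip);
        return "reject";      // assumption: the triggering connect is refused too
      }
      return "accept";
    },
    // Policy 2 (MessageReceived): a received mail means the sender is valid,
    // so the counter is reset to 0.
    onMessageReceived(ip) {
      counters.set(ip, 0);
    },
    isBlocked: (ip) => blocked.has(ip),
    count: (ip) => counters.get(ip) || 0,
  };
}

// Constructed event stream using documentation-range addresses:
// 198.51.100.7 delivers mail after each connect, 203.0.113.9 never does.
const SAMPLE_EVENTS = [
  ["connect", "203.0.113.9"], ["connect", "198.51.100.7"],
  ["message", "198.51.100.7"], ["connect", "203.0.113.9"],
  ["connect", "198.51.100.7"], ["message", "198.51.100.7"],
  ["connect", "203.0.113.9"], ["connect", "198.51.100.7"],
  ["connect", "203.0.113.9"],
];

// Feed events through the tracker and return the per-event outcome.
function replay(events, tracker = createTracker()) {
  return events.map(([type, ip]) =>
    type === "connect" ? tracker.onClientConnect(ip)
                       : (tracker.onMessageReceived(ip), "reset"));
}
```

Because the counter tracks connections rather than AUTH failures directly, a legitimate client that connects MAX_ATTEMPTS times without delivering a message is blocked as well, and entries never expire in this model.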