Skip to content

How can we improve?

← Welcome to MDaemon Technologies' Suggestion Box

Geoblocking of allowed SMTP/POP/IMAP.

I would like to see functionality to allow geoblocking of allowed SMTP/POP/IMAP.

Basically possibility to set which countries IPs that is allowed to connect with authenticated sessions for SMTP / POP / IMAP.

As my users is only living and working in Sweden they will only be
coming from IPs from Sweden.

This could remove 98% of all the botnet sessions that tries to bruteforce autheticated sessions.

Best regards
Dan Lundqvist
MRZAZ.COM
Stockholm, Sweden

6 votes
Vote

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close
You have left! (?) (thinking…)
Dan Lundqvist shared this idea  ·   ·  Report…  ·  Admin →

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • David Rhoten commented  ·   ·  Report

    Aaron: You actually can NOT stop authentication attempts using the DNS-BL -- it doesn't apply during authentication. Email is checked against the country IP, but not authentication attempts. I have blocked most foreign countries at our firewall, but for just about every country I can't block (for http reasons), I get break-in attempts via SMTP. PLEASE consider adding, or consider allowing DNS-BL checks to occur during authentication attempts!

    Thanks,

    Dave

  • David Rhoten commented  ·   ·  Report

    Although perhaps this is unnecessary if using IP Shield, but you'd want to disable "Do not apply to authenticated sessions", right?

    Dave

  • David Rhoten commented  ·   ·  Report

    Add geolocation to Dynamic Screening so people trying to log in as local users from IP's in foreign countries can be squelched! We've been having a fair number of attempts per day by bad actors attempting to log in as local users. Generally, each attempt is from a different IP/country. Since I don't have actual users (or only rarely) logging in from foreign locales, I'd like to be able to check off on a list to allow/disallow logins for local users by country.

  • Dan Lundqvist commented  ·   ·  Report

    Thanks for the info.

    However, In my case I do not want to geoblock INCOMING mail with a certain IP (as such) but rather use geoblocking on sessions that want to authenticate so the session could be blocked even if the user/psw is correct but from from wrong country.

    If I know that all my users is sending/receiving mail from a Swedish IP then if someone spoofs an account and manages to get the correct user/passw. it will still be blocked due to the geoblocking function. And could also be tied to the DynamicScreening as well.

    It will not block IPs coming from allowed country(ies) but it could reduce the account hijacking dramatically.

    Today botnet tries hammering only 2-3 times from each IP but with many different IPs in a row. If a session tries to do a SMTP (or POP) using authentication, MD could detect geoblocking already during first try and send it over to DynamicScreening directly so the IP gets blocked and not after the 3rd try. This reduces the amount of started SMTP/POP/IMAP Sessions.

    //Danne

Welcome to MDaemon Technologies' Suggestion Box: MDaemon

Categories

Feedback and Knowledge Base

(thinking…)