Disable external SMTP authentication

ttremain

Well-Known Member
Feb 16, 2003
246
2
168
cPanel Access Level
Root Administrator
I am getting a lot of cPHulk messages saying that an SMTP server is under brute force attack. They try from one IP for a while, then try from another, then another.

This particular server sends and receives very little email. While I do need to allow outside servers to perform callouts, I do not believe I have ANY reason to allow SMTP authentication to this server.

So how would I block all SMTP authentication attempts? It would be nice if I could add an IP or RDNS whitelist just in case.

If it were not for callouts, I could probably block all inbound port 25 attempts.

Thank you!
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,218
463
The thread referenced, while outdated, still provides the general idea of modifying the "Accept Hosts" entry. Also, have you considered using a firewall management tool such as CSF to block connections to specific ports or to block full IP ranges from accessing those ports?

Thank you.
 

ttremain

Well-Known Member
Feb 16, 2003
246
2
168
cPanel Access Level
Root Administrator
But "accept hosts" is used in the advanced config several times.
So far, I think I would have to replace the "default_check_message_pre" section, but I could be incorrect.

Blocking inbound port 25 via the firewall would not meet the requirements, because it would break the servers ability to receive mail, or receive callout requests.