Disable external SMTP authentication

[ttremain]

I am getting a lot of cPHulk messages saying that an SMTP server is under brute force attack. They try from one IP for a while, then try from another, then another.

This particular server sends and receives very little email. While I do need to allow outside servers to perform callouts, I do not believe I have ANY reason to allow SMTP authentication to this server.

So how would I block all SMTP authentication attempts? It would be nice if I could add an IP or RDNS whitelist just in case.

If it were not for callouts, I could probably block all inbound port 25 attempts.

Thank you!

 

[vanessa]

This post may be relevant, though you'd need to alter the proposed solution slightly:

http://forums.cpanel.net/f5/disable-smtp-auth-required-55332.html

 

[ttremain]

This post may be relevant, though you'd need to alter the proposed solution slightly:

Almost, but that thread is from 2006, and the exim configs have changed an awful lot since then.

 

[cPanelMichael]

The thread referenced, while outdated, still provides the general idea of modifying the "Accept Hosts" entry. Also, have you considered using a firewall management tool such as CSF to block connections to specific ports or to block full IP ranges from accessing those ports?

Thank you.

 

[ttremain]

But "accept hosts" is used in the advanced config several times.
So far, I think I would have to replace the "default_check_message_pre" section, but I could be incorrect.

Blocking inbound port 25 via the firewall would not meet the requirements, because it would break the servers ability to receive mail, or receive callout requests.