Reject smtpauth requests for non existent email accounts

[HowardE]

I've been dealing with distributed smtpauth attacks over the past few days, and they're all trying to access non-existent accounts. Is there any way to prevent or quickly reject any requests for things like this? I'm using CSF on my server as well.

10 distributed smtpauth attacks on account [director] in the last 3600 secs

 

[cPRex]

Hey there! I'm not thinking of any obvious ways to stop this faster than their authentication failing. The firewall system doesn't know about the email accounts available on the server, so when they attempt an authenticated session that will fail, but does use up those resources in the meantime.

Do you have cPHulk enabled so it can at least block any IP addresses that have failed multiple times?

 

[HowardE]

Hey there! I'm not thinking of any obvious ways to stop this faster than their authentication failing. The firewall system doesn't know about the email accounts available on the server, so when they attempt an authenticated session that will fail, but does use up those resources in the meantime.

Do you have cPHulk enabled so it can at least block any IP addresses that have failed multiple times?

Yes, cPHulk is enabled, and the one actually passing the smtpauth attack IP block on to the CSF firewall.

The lack of obvious answers is why I posted here.

 

[cPRex]

I don't personally know of a better or more efficient way to handle that type of traffic. Maybe a tool like Cloudflare has protection for that, but I'm not certain if that is something that would fall under their protection.