Reject smtpauth requests for non-existent email accounts

HowardE

Member
Aug 8, 2015
24
4
53
Florida
cPanel Access Level
Root Administrator
I've been dealing with distributed smtpauth attacks over the past few days, and they're all trying to access non-existent accounts. Is there any way to prevent or quickly reject any requests for things like this? I'm using CSF on my server as well.

10 distributed smtpauth attacks on account [director] in the last 3600 secs
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
11,032
1,741
363
cPanel Access Level
Root Administrator
Hey there! I'm not thinking of any obvious ways to stop this faster than their authentication failing. The firewall system doesn't know about the email accounts available on the server, so when they attempt an authenticated session, that will fail, but it does use up those resources in the meantime.

Do you have cPHulk enabled so it can at least block any IP addresses that have failed multiple times?
 

HowardE

Yes, cPHulk is enabled, and is the one actually passing the smtpauth attack IP block on to the CSF firewall.

The lack of obvious answers is why I posted here. :)
 

cPRex

I don't personally know of a better or more efficient way to handle that type of traffic. Maybe a tool like Cloudflare has protection for that, but I'm not certain if that is something that would fall under their protection.
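
Added example (not part of the thread, and not cPanel or CSF code): since the firewall has no view of which mailboxes exist, this sketch joins Exim-style SMTP AUTH failure lines against a mailbox list and reports non-existent logins that were tried from several distinct IPs. The log lines, the mailbox list and the function names are constructed assumptions; `csf -d` is only printed, never run.

```python
import re
from collections import defaultdict

# Exim-style SMTP AUTH failure; set_id is the login the client tried.
FAIL_RE = re.compile(
    r"authenticator failed for .*?\[(?P<ip>[0-9A-Fa-f.:]+)\](?::\d+)?: "
    r"535 .*?\(set_id=(?P<login>[^)]+)\)"
)

# Constructed sample data (documentation IP ranges, made-up mailboxes).
KNOWN_ACCOUNTS = ["info@example.com", "sales@example.com"]
SAMPLE_LOG = """\
2024-05-01 10:00:01 dovecot_login authenticator failed for H=(User) [203.0.113.5]:51234: 535 Incorrect authentication data (set_id=director)
2024-05-01 10:00:09 dovecot_login authenticator failed for H=(User) [198.51.100.7]:40022: 535 Incorrect authentication data (set_id=director)
2024-05-01 10:00:15 dovecot_login authenticator failed for H=(pc) [192.0.2.10]:33810: 535 Incorrect authentication data (set_id=Director)
2024-05-01 10:01:02 dovecot_login authenticator failed for H=(laptop) [192.0.2.44]:50111: 535 Incorrect authentication data (set_id=info@example.com)
2024-05-01 10:01:30 dovecot_login authenticator failed for H=(User) [198.51.100.99]:41000: 535 Incorrect authentication data (set_id=admin)
2024-05-01 10:02:00 1abcDE-000123-AB <= sales@example.com H=localhost [127.0.0.1] P=esmtpa
""".splitlines()


def distributed_unknown_logins(log_lines, known_accounts, min_sources=3):
    """Map each non-existent login tried from >= min_sources distinct IPs to those IPs."""
    known = {a.lower() for a in known_accounts}
    sources = defaultdict(set)
    for line in log_lines:
        m = FAIL_RE.search(line)
        if not m:
            continue  # not an AUTH failure line
        login = m.group("login").strip().lower()
        if login not in known:  # failures on real mailboxes may be user typos
            sources[login].add(m.group("ip"))
    return {login: sorted(ips) for login, ips in sources.items()
            if len(ips) >= min_sources}


def csf_deny_commands(flagged):
    """Render one 'csf -d <ip> <comment>' line per flagged source, for review."""
    return [f"csf -d {ip} smtpauth unknown login {login}"
            for login in sorted(flagged) for ip in flagged[login]]


if __name__ == "__main__":
    for cmd in csf_deny_commands(distributed_unknown_logins(SAMPLE_LOG, KNOWN_ACCOUNTS)):
        print(cmd)
```

This runs after the failures are logged, so it narrows what gets blocked rather than rejecting the attempt earlier than authentication does.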