On the plus side, it's fairly good at stopping the hackers from abusing the account and sending out a batch of spam through your system, which can save you from being blacklisted...
Seems this feature is risky for those who use an email client on a smartphone. For those who have this turned up, do you see a lot of false positives?
Sent: Wednesday, July 23, 2014 5:43 PM
Subject: re: Re: [SurgeMail List] Feature Suggestion: Include Country of Origin in g_safe_smtp
It's a recommended setting so it pops up in the list of settings to turn on in the config checker (if not then update first)
It remembers the ip addresses people use via pop and imap and if it see's a new address only from 'smtp' then it rejects the login with a url the user can use
to enable logins.
Since most email clients are stupid (The software not the people) and don't show the user the actual error they may not see the cause, but surgemail then delivers
an email to them that they will see explaining what occurred.
The email gives them the ip address, and a url to use to enable logins for that address.
And in future it will tell them the country the login attempt came from.
i never knew this existed. how does it work if you turn it on? the documentation is non-existent:
g_safe_smtp - Force users to prove they are real if logging in from unknown sources via smtp
This feature is intended to prevent spamers/hackers from harvesting accounts on your system and then using them to send out spam
On 7/23/2014 4:28 PM, Glenn Meadows wrote:
I think people new (and good) innate fear of randomly clicking links in email is part of the problem. If the country was listed in the message they got, it
would actually be more helpful.
On 7/23/2014 4:17 PM, surgemail-support wrote:
The email contains a link which shows them a map of the world with the origin of the ip address on the map... isn't that clear? Or is that not working? Or are
they afraid of pressing the link incase it's a trick?
(just trying to understand why the existing mechanism isn't working as intended before modifying it - I think your idea is good actually)
Just making another feature suggestion. A common support call
automated e-mail message from SurgeMail to a user when the
enabled. These are usually hacked accounts and SurgeMail is
authenticated SMTP session from an unknown IP address. The problem
the customer has no idea if the IP address included in the message
IP address or some spammers IP address. As a result, they are
do not know if they should click the link included in the message. We
usually ask them for the IP address in the e-mail, perform a WHOIS
and then ask if they are trying to access their mailbox from that
network/location. Today it was an IP address from the Ukraine.
My suggestion is that if g_country_ip is also enabled, which gives
the country that owns the IP, include the country information in the
g_safe_smtp notice. I think that would eliminate a lot of the
