The question is, what are you trying to fix exactly?
1) Is it just the log entries that bother you?
2) Is it load caused by the probing?
3) Is it security?
If it's '3', then you probably already have it fixed with
requiring SSL, but that doesn't really stop probing, it just stops
'dumb' probing; the settings below and on the referenced web page
will help a lot.
If it's '1', then stop reading them :-)
If it's '2', then it's probably not really causing significant
load (unless you have reason to believe otherwise...)
Here are some settings I would use...
# Block guessing if a user tries an obvious admin account
G_HACKER_POISON "HIDDEN@,administrator@*"
# Only allow smtp logins if the user has previously logged in via imap/pop from the same address
G_SAFE_SMTP "true"
# Alert users when logins occur from unknown addresses that are not from Australia or USA...
G_SAFE_WARNING "true"
g_safe_country "us,au"
# If you really want to disable pop, which is valid enough if your users are all imap based...
g_pop_port "disabled"
You may find other info on this page useful:
http://netwinsite.com/surgemail/help/hackers.htm
ChrisP.
My server is getting hammered by POP login attempts.
I want to force all my real clients to use SSL IMAP only. What
settings do I need to:
1) force authenticated SSL logins for IMAP
2) completely ignore any POP logins (or force SSL if ignoring
is a bad idea)
3) force authenticated SSL logins for SMTP
Any other suggestions to get rid of these pests welcome.
Note: I thought I had already set things up to force SSL, but I
keep getting these failed log messages:
25 10:49:03.66:6852: xx-client-xx: pop: SSL required for ip (115.211.174.66) xx-client-xx
Neil
--
Neil Herber
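
Added example (not part of either post, and not SurgeMail code): a small Python tally of the "SSL required for ip" rejections quoted in the question, grouped by source address, protocol and minute, to help tell log noise from real load. The field layout is assumed from that single quoted line, and every sample line except the first is constructed.

```python
import re
from collections import Counter

# Layout assumed from the one rejection line quoted in the question:
# <day> <hh:mm:ss.frac>:<id>: <tag>: <proto>: SSL required for ip (<addr>) <tag>
REJECT_RE = re.compile(
    r"^(?P<day>\d+)\s+(?P<time>\d{2}:\d{2}:\d{2})\.\d+:\d+:\s+"
    r".*?\b(?P<proto>pop|imap|smtp):\s+SSL required for ip\s+"
    r"\((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\)"
)

# First line is the one from the question; the rest are constructed samples.
SAMPLE_LOG = """\
25 10:49:03.66:6852: xx-client-xx: pop: SSL required for ip (115.211.174.66) xx-client-xx
25 10:49:04.10:6853: xx-client-xx: pop: SSL required for ip (192.0.2.10) xx-client-xx
25 10:49:09.31:6854: xx-client-xx: pop: SSL required for ip (192.0.2.10) xx-client-xx
25 10:50:12.02:6860: xx-client-xx: smtp: SSL required for ip (198.51.100.7) xx-client-xx
25 10:50:15.40:6861: xx-client-xx: imap: login ok (constructed non-matching line)
""".splitlines()


def tally_rejections(lines):
    """Count 'SSL required' rejections per source IP, protocol and minute."""
    per_ip, per_proto, per_minute = Counter(), Counter(), Counter()
    for line in lines:
        m = REJECT_RE.match(line.strip())
        if not m:
            continue  # anything that is not a rejection line is ignored
        per_ip[m["ip"]] += 1
        per_proto[m["proto"]] += 1
        per_minute[(m["day"], m["time"][:5])] += 1  # bucket by hh:mm
    return per_ip, per_proto, per_minute


def noisy_sources(per_ip, threshold):
    """Return source IPs with at least `threshold` rejections, busiest first."""
    return [ip for ip, n in per_ip.most_common() if n >= threshold]


if __name__ == "__main__":
    per_ip, per_proto, per_minute = tally_rejections(SAMPLE_LOG)
    print("by protocol:", dict(per_proto))
    print("peak minute:", per_minute.most_common(1))
    print("repeat sources:", noisy_sources(per_ip, threshold=2))
```

A low per-minute peak spread over many addresses points to log noise rather than load; a few addresses with high counts are the ones worth blocking upstream.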