dale wrote: > SurgeMail Version 5.0j-10, Built Oct 12 2010 05:13:36, Platform Linux > (Surgeweb Enabled) > Uptime: 3 days 04:36:11 Server time: Fri Oct 15 23:03:37 2010 > > > > I am getting the following message when trying to login from my desktop. > > 550 (cpe-76-185-19-224.tx.res.rr.com) (200.74.240/21) You have been > permanently banned from this domain > Protocol: IMAP > Server: mail.ehome.net > Port: 143 > Error Code: 0x80004005 > > I can login from my mobile phone over the cell network. > > I do not have the 200.74.240/21 listed anyplace in my ini that I can > find. The only changes I have made in the past few days were to > upgrade to the latest version a couple of days ago. It had been > running fine since then. Earlier today I did add an IP address to > g_deny_smtp - however it was not in the range listed in the above > error message nor is it my cable IP. > > I have g_orbs_late checked as well. > > My local IP is listed in g_orbs_exception. > > I'm not sure how the listed IP range could be mistaken for my local IP > unless there is something strange in the code that only randomly shows > up. > > Thanks for any suggestions. > > Dale > > Check your logs for failed logins against your account and/or from the above range(200.74.240/21). I would suspect someone is doing a brute force password attack on your personal email account and has it locked out. Also in some of the more recent builds, they changed the lockout code to not reset after the time out period if the attack continues. In other words, if a brute force attack is continuing, the account does not unlock until the attack stops. Before Surgemail (I have LCR's system set to 5 attempts in 10 mins) would reset after 10 mins and allow the attacker to get 5 more attempts in before relocking the account. Now the account stays locked until the attack stops for the timeout period. Lyle
Last Message | Next Message