SurgeMail Archive: Re: [SurgeMail List] Magor issue, my server is rejecting all login attempt

Subject:	Re: [SurgeMail List] Magor issue, my server is rejecting all login attempt
From:	Ben Hanson
Date:	18-Oct-2010
I saw this happen once with two accounts using Blackberry IMAP connections, but never figured out why the desktop PC's were specifically being denied. I also don't remember what I did to fix it, but I definitely had to clear the authentication cache. I'm just sending this along in case the Blackberry piece is helpful. ben On 10/16/2010 9:05, Lyle Giese wrote: dale wrote: SurgeMail Version 5.0j-10, Built Oct 12 2010 05:13:36, Platform Linux (Surgeweb Enabled) Uptime: 3 days 04:36:11 Server time: Fri Oct 15 23:03:37 2010 I am getting the following message when trying to login from my desktop. 550 (cpe-76-185-19-224.tx.res.rr.com) (200.74.240/21) You have been permanently banned from this domain Protocol: IMAP Server: mail.ehome.net Port: 143 Error Code: 0x80004005 I can login from my mobile phone over the cell network. I do not have the 200.74.240/21 listed anyplace in my ini that I can find. The only changes I have made in the past few days were to upgrade to the latest version a couple of days ago. It had been running fine since then. Earlier today I did add an IP address to g_deny_smtp - however it was not in the range listed in the above error message nor is it my cable IP. I have g_orbs_late checked as well. My local IP is listed in g_orbs_exception. I'm not sure how the listed IP range could be mistaken for my local IP unless there is something strange in the code that only randomly shows up. Thanks for any suggestions. Dale Check your logs for failed logins against your account and/or from the above range(200.74.240/21). I would suspect someone is doing a brute force password attack on your personal email account and has it locked out. Also in some of the more recent builds, they changed the lockout code to not reset after the time out period if the attack continues. In other words, if a brute force attack is continuing, the account does not unlock until the attack stops. Before Surgemail (I have LCR's system set to 5 attempts in 10 mins) would reset after 10 mins and allow the attacker to get 5 more attempts in before relocking the account. Now the account stays locked until the attack stops for the timeout period. Lyle -- Ben Hanson 540 433 9101 office 646 342 0396 mobile www.transprintusa.com www.colorep.com Learn more about our newest waterless sustainable technology at www.airdye.com

Last Message | Next Message


Search website: