[Users] Disallow users to authenticate with smtp / hardening Zimbra
Barry de Graaff
info at barrydegraaff.tk
Sat May 25 11:49:01 CEST 2019
Hello All,

I have set up a hardened Zimbra server, that is, I firewalled pop/imap/http so those are not available. Port 443 can only be reached via a VPN.

So far so good. I am still seeing a botnet trying to authenticate by using username/password combos on the smtp port though. So I set up a fail2ban-like script to ban IPs that are doing that.

Please tell me if I am wrong, but if they succeed in getting the smtp credentials for an account, they can send out spam and do some spoofing, but they cannot get the users' data, right? As that cannot be fetched over smtp? Even without spamming, one can use the response from Zimbra to find out valid username/password combos. Which is bad, but not a big deal, because of the VPN.

Other than using an smtp relay, what can I do to prevent user accounts being used to auth on smtp? I do not really need the feature on this server, but I cannot disable the port, because then no more mail could be delivered, right?

Any suggestions? I still have 465/tcp, 587/tcp and 25 open for smtp.

Kind regards,
Barry de Graaff
Zeta Alliance
Co-founder & Developer
zetalliance.org | github.com/Zimbra-Community
Signal: +31 617 220 227
Fingerprint: 97f4694a1d9aedad012533db725ddd156d36a2d0
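
A fail2ban-style check of the kind the message mentions, as an added example that is not part of the original post and is not the poster's own script: it counts failed SASL logins per source IP inside a sliding time window. The matched line shape is Postfix's standard smtpd warning; the function name, thresholds, host name and sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Postfix smtpd logs a failed SASL attempt as
#   warning: host[ip]: SASL <mech> authentication failed: <reason>
# The service part may be smtpd, submission/smtpd or smtps/smtpd.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\spostfix/\S*smtpd\[\d+\]:\s"
    r"warning:\s\S*\[(?P<ip>[0-9a-fA-F.:]+)\]:\sSASL\s\S+\sauthentication failed"
)

def offenders(lines, max_failures=3, window=timedelta(minutes=10), year=2019):
    """Return IPs that reach max_failures SASL failures within the window."""
    recent = defaultdict(deque)  # ip -> timestamps of its recent failures
    banned = []
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue  # connects, successful logins and other noise
        # Syslog timestamps carry no year, so the caller supplies one.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:  # forget failures older than the window
            q.popleft()
        if len(q) >= max_failures and m["ip"] not in banned:
            banned.append(m["ip"])
    return banned

# Constructed sample lines using documentation IP ranges, not real server logs.
SAMPLE = """\
May 25 11:40:01 mail postfix/smtpd[4211]: warning: unknown[203.0.113.5]: SASL LOGIN authentication failed: authentication failure
May 25 11:40:30 mail postfix/smtpd[4212]: warning: unknown[198.51.100.7]: SASL PLAIN authentication failed: authentication failure
May 25 11:41:10 mail postfix/submission/smtpd[4215]: warning: unknown[203.0.113.5]: SASL LOGIN authentication failed: authentication failure
May 25 11:42:00 mail postfix/smtpd[4213]: connect from unknown[192.0.2.44]
May 25 11:43:05 mail postfix/smtpd[4211]: warning: unknown[203.0.113.5]: SASL LOGIN authentication failed: authentication failure
May 25 11:58:00 mail postfix/smtpd[4220]: warning: unknown[198.51.100.7]: SASL PLAIN authentication failed: authentication failure
""".splitlines()

if __name__ == "__main__":
    for ip in offenders(SAMPLE):
        print("would ban", ip)
```

The second address fails twice but 17 minutes apart, so it stays under the threshold; the returned list is what a ban step (firewall rule, ipset entry) would consume.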