Product » A free email server for Windows and Linux » Knowledge Base

Document information

Document ID: 5126
Subject: Invalid Login Alerts
Creation date: 6/19/17 3:31 PM
Last modified on: 9/21/18 10:22 AM


Invalid Login Alerts in Xeams

Similar to any other server facing the Internet, Xeams is vulnerable to attacks from malicious users on the Internet. The most common attack that occur is an attempt to guess a user ID and password combination.

Xeams is designed to generate email alerts when such an attack is detected. A sample alert is displayed below.
--------------------------------------------
Automatic alert from Xeams - DO NOT reply   
Host Name:  Xeams.YourCompany.com
IP Address: 192.168.1.100
--------------------------------------------

Too many invalid login attempts made from 100.101.102.103. This IP has been blocked for the 
next 10 minutes. Someone from this IP is trying to connect to the Smtp Server on xeams.yourcompany.com. 
Total attempts so far: 5

Steps you can take

You have several options:
Option 1 - Ignore it
Xeams will automatically block this user from authenticating. Once an IP gets blocked, Xeams will pretend a user ID/password is incorrect, even if by chance they use the right combination.

Therefore, if you simply ignore this event the perpetrator will eventually stop.
Option 2 - Block from your firewall
You can block the IP address from hitting the Xeams server from your network firewall. The downside of the technique is that you will have to constantly keep up with the IP addresses they use to hit your server.
Option 3 - Disable SMTP Authentication
If the attack is happening against your SMTP server (port 25) and you know that no valid user will use SMTP Authentication, you can disable this feature in Xeams using the following steps:

  • Login as admin to the web interface
  • Click SMTP Configuration under Server Configuration
  • Uncheck Allow SMTP Authentication right below Primary SMTP Port
  • Once this feature is disabled, no one will be able to use Authentication therefore attacks will stop, provided they were attacking SMTP port 25




Add a comment to this document

Do you have a helpful tip related to this document that you'd like to share with other users?

Important: This area is reserved for useful tips. Therefore, do not post questions here. Instead, use our public forums to post questions.