AnsweredAssumed Answered

Blocking SMTP connections

Question asked by Hugo van der Kooij on Nov 29, 2017
Latest reply on Dec 12, 2017 by Hugo van der Kooij

Is there a way to set a trip guard on SMTP connections and start blocking a source IP address after N failures on the SMTP protocol? SAM blocking comes to mind here.


The issue is I have a mail server (Barracuda Email Security Gateway) that gets hammered on every now and again by some silly system that tries hundreds of relay attempts with credential guessing. The barracuda blocks them after a few attempts but my log on the box fills up rather fast this way. I was just curious if there is way to block this in R80.10 with one of the blades.


Or do I need to get some extra logic device that will correlate the syslog events of the Barracuda and fire up a SAM blocking action? (Do I have a business case for Splunk here ;-)