Hello Karsten, thanks for the tip. I tried it but it doesn't work.
It seems that "verifyFailureDelay" only works for an identical user login. Here is a connection and then an attempt with different users to log in. There is no delay between registrations. It would be good if a connection was closed after three attempts.

Best wishes
Günter

> Karsten Otto <karstenandreas.o...@akquinet.de.invalid> wrote on 07.06.2023
> 10:36 CEST:
>
> There is a property named verifyFailureDelay that you can set in
> usersrepository.xml. The value is a time to wait between unsuccessful
> authentication attempts, e.g. 2s to wait 2 seconds.
>
> You won't get rid of the attacks this way, but slow down any brute force
> attempts to guess valid user passwords. Hopefully to a point where it
> does not make sense anymore and the attacker just gives up.
>
> On the other hand, a long delay could clog up your mail server and
> prevent legitimate users from accessing it, so you may need to
> experiment with the settings a bit.
>
> Good luck,
> Karsten
>
> On 07.06.23 10:12 AM, Günter Paul wrote:
> > I run a James mail server (james-server-spring-app-3.8.0). The log file
> > shows that the server is constantly being attacked. This is normal, the
> > server is on the Internet.
> >
> > I was able to fend off some of the attacks via the firewall: blocking IP
> > addresses or limiting access per minute (connect).
> >
> > Now 2 attacks remain. In both cases there is a "connect", then many
> > actions, then the connection is closed. The IP addresses change constantly.
> > In the "smtpserver.xml" file, I tried to reduce the number of accesses via
> > "MaxRcptHandler", but unfortunately that doesn't work here.
> >
> > Are there any out of the box options to configure something?
> >
> > Here are the concrete examples from the log file (domaine.de is a dummy for
> > my domain)
> >
> > 1) Rejected message. Unknown user
> >
> > INFO | jvm 1 | 2023/06/06 23:55:45 | 06-Jun-2023 23:55:45.837 INFO
> > [smtpserver-io-3]
> > org.apache.james.protocols.netty.BasicChannelInboundHandler.channelActive:103
> > - Connection established from 60.29.127.226
> > INFO | jvm 1 | 2023/06/06 23:55:50 | 06-Jun-2023 23:55:50.400 INFO
> > [smtpserver-io-3]
> > org.apache.james.protocols.smtp.core.fastfail.AbstractValidRcptHandler.reject:61
> > - Rejected message. Unknown user: dar...@domaine.de
> > INFO | jvm 1 | 2023/06/06 23:55:50 | 06-Jun-2023 23:55:50.400 INFO
> > [smtpserver-io-3]
> > org.apache.james.protocols.smtp.core.log.HookResultLogger.onHookResult:45 -
> > org.apache.james.smtpserver.fastfail.ValidRcptHandler: result= (DENY
> > CONNECTED)
> > INFO | jvm 1 | 2023/06/06 23:55:50 | 06-Jun-2023 23:55:50.401 INFO
> > [smtpserver-io-3]
> > org.apache.james.protocols.smtp.core.fastfail.AbstractValidRcptHandler.reject:61
> > - Rejected message. Unknown user: daniell...@domaine.de
> > INFO | jvm 1 | 2023/06/06 23:55:50 | 06-Jun-2023 23:55:50.401 INFO
> > [smtpserver-io-3]
> > org.apache.james.protocols.smtp.core.log.HookResultLogger.onHookResult:45 -
> > org.apache.james.smtpserver.fastfail.ValidRcptHandler: result= (DENY
> > CONNECTED)
> >
> > … (202 lines in total)
> >
> > INFO | jvm 1 | 2023/06/06 23:55:50 | 06-Jun-2023 23:55:50.470 INFO
> > [smtpserver-io-3]
> > org.apache.james.protocols.smtp.core.fastfail.AbstractValidRcptHandler.reject:61
> > - Rejected message. Unknown user: upoz3f3sx...@domaine.de
> > INFO | jvm 1 | 2023/06/06 23:55:50 | 06-Jun-2023 23:55:50.471 INFO
> > [smtpserver-io-3]
> > org.apache.james.protocols.smtp.core.log.HookResultLogger.onHookResult:45 -
> > org.apache.james.smtpserver.fastfail.ValidRcptHandler: result= (DENY
> > CONNECTED)
> > INFO | jvm 1 | 2023/06/06 23:55:51 | 06-Jun-2023 23:55:51.408 INFO
> > [smtpserver-io-3]
> > org.apache.james.protocols.netty.BasicChannelInboundHandler.channelInactive:143
> > - Connection closed for 60.29.127.226/60.29.127.226:50151
> >
> >
> > 2) Password is unverified
> >
> > INFO | jvm 1 | 2023/06/06 23:44:49 | 06-Jun-2023 23:44:49.108 INFO
> > [smtpserver-io-2]
> > org.apache.james.protocols.netty.BasicChannelInboundHandler.channelActive:103
> > - Connection established from 45.133.235.202
> > INFO | jvm 1 | 2023/06/06 23:44:49 | 06-Jun-2023 23:44:49.333 INFO
> > [smtpserver-io-2]
> > org.apache.james.user.lib.UsersRepositoryImpl.lambda$test$2:155 - Could not
> > retrieve user Username{localPart=root, domainPart=Optional[Domain :
> > domaine.de]}. Password is unverified.
> > INFO | jvm 1 | 2023/06/06 23:44:49 | 06-Jun-2023 23:44:49.333 INFO
> > [smtpserver-io-2]
> > org.apache.james.protocols.smtp.core.esmtp.AuthCmdHandler.doAuthTest:397 -
> > AUTH method LOGIN failed from Username{localPart=root,
> > domainPart=Optional[Domain : domaine.de]}@45.133.235.202
> > INFO | jvm 1 | 2023/06/06 23:44:49 | 06-Jun-2023 23:44:49.512 INFO
> > [smtpserver-io-2]
> > org.apache.james.user.lib.UsersRepositoryImpl.lambda$test$2:155 - Could not
> > retrieve user Username{localPart=root, domainPart=Optional[Domain :
> > domaine.de]}. Password is unverified.
> > INFO | jvm 1 | 2023/06/06 23:44:49 | 06-Jun-2023 23:44:49.512 INFO
> > [smtpserver-io-2]
> > org.apache.james.protocols.smtp.core.esmtp.AuthCmdHandler.doAuthTest:397 -
> > AUTH method LOGIN failed from Username{localPart=root,
> > domainPart=Optional[Domain : domaine.de]}@45.133.235.202
> >
> > … (408 lines in total)
> >
> > INFO | jvm 1 | 2023/06/06 23:45:25 | 06-Jun-2023 23:45:25.286 INFO
> > [smtpserver-io-2]
> > org.apache.james.user.lib.UsersRepositoryImpl.lambda$test$2:155 - Could not
> > retrieve user Username{localPart=root, domainPart=Optional[Domain :
> > domaine.de]}. Password is unverified.
> > INFO | jvm 1 | 2023/06/06 23:45:25 | 06-Jun-2023 23:45:25.286 INFO
> > [smtpserver-io-2]
> > org.apache.james.protocols.smtp.core.esmtp.AuthCmdHandler.doAuthTest:397 -
> > AUTH method LOGIN failed from Username{localPart=root,
> > domainPart=Optional[Domain : domaine.de]}@45.133.235.202
> > INFO | jvm 1 | 2023/06/06 23:45:25 | 06-Jun-2023 23:45:25.330 INFO
> > [smtpserver-io-2]
> > org.apache.james.protocols.netty.BasicChannelInboundHandler.channelInactive:143
> > - Connection closed for 45.133.235.202/45.133.235.202:57554
> >
> >
> > Does anyone know solutions to these problems?
> >
> > Best wishes, Günter

--
Günter Paul
Hirschbachstraße 4a
53506 Ahrbrück
Tel.: +4926436747
Mobile: +491759140889
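Added example, not part of the original thread or of Apache James: a log scan that counts the two failure patterns quoted above per client IP, so the result can feed the firewall blocking already described. The function name `offenders`, the default threshold of 3 and the sample lines are assumptions; "Unknown user" lines carry no IP, so they are attributed through the io thread name, which is a heuristic because one io thread can serve several connections.

```python
import re
from collections import Counter

# Line shapes follow the James log excerpts quoted in this thread.
IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
THREAD = re.compile(r"\[(smtpserver-io-\d+)\]")
CONNECT = re.compile(r"Connection established from " + IP)
CLOSED = re.compile(r"Connection closed for ")
AUTH_FAIL = re.compile(r"AUTH method \S+ failed from .*@" + IP + r"\s*$")
UNKNOWN_RCPT = re.compile(r"Rejected message\. Unknown user")

def offenders(lines, threshold=3):
    """Map IP -> failure counts for IPs reaching `threshold` in either category."""
    current = {}  # io thread -> IP of the connection last opened on it (heuristic)
    auth, rcpt = Counter(), Counter()
    for line in lines:
        thread = t.group(1) if (t := THREAD.search(line)) else None
        if m := CONNECT.search(line):
            current[thread] = m.group(1)
        elif CLOSED.search(line):
            current.pop(thread, None)
        elif m := AUTH_FAIL.search(line):
            auth[m.group(1)] += 1  # AUTH failure lines carry the client IP
        elif UNKNOWN_RCPT.search(line) and thread in current:
            rcpt[current[thread]] += 1  # no IP on the line: attribute via thread
    return {ip: {"auth": auth[ip], "rcpt": rcpt[ip]}
            for ip in sorted(set(auth) | set(rcpt))
            if auth[ip] >= threshold or rcpt[ip] >= threshold}

# Constructed sample input (documentation IP ranges, example.org), not real log data.
def log_line(thread, msg):
    return f"INFO | jvm 1 | 2023/06/06 23:44:49 | 06-Jun-2023 23:44:49.333 INFO [{thread}] {msg}"
def auth_fail_line(ip):
    return ("org.apache.james.protocols.smtp.core.esmtp.AuthCmdHandler.doAuthTest:397 - "
            "AUTH method LOGIN failed from Username{localPart=root, "
            f"domainPart=Optional[Domain : example.org]}}@{ip}")
OPEN = ("org.apache.james.protocols.netty.BasicChannelInboundHandler.channelActive:103 - "
        "Connection established from ")
RCPT = ("org.apache.james.protocols.smtp.core.fastfail.AbstractValidRcptHandler.reject:61 - "
        "Rejected message. Unknown user: nobody@example.org")
SAMPLE = (
    [log_line("smtpserver-io-2", OPEN + "203.0.113.7")]
    + [log_line("smtpserver-io-2", auth_fail_line("203.0.113.7"))] * 4
    + [log_line("smtpserver-io-3", OPEN + "198.51.100.9")]
    + [log_line("smtpserver-io-3", RCPT)] * 3
    + [log_line("smtpserver-io-4", auth_fail_line("192.0.2.5"))]
)

if __name__ == "__main__":
    print(offenders(SAMPLE))
```

The wrapped log entries in the mail are single lines in the actual log file, which is the form this scan expects.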