Messaging Gateway


Alert - Login failures occur from a single IP

  • 1.  Alert - Login failures occur from a single IP

    Posted Sep 12, 2016 05:38 AM

    Hi,

    I am using SMG 10.6.1-4 and I am experiencing daily administrative notification messages like "Alert - Login failures occur from a single IP"; literally thousands of them.

    Someone tries to authenticate using the following users on port 587 (via LDAP query).

    User      Number of login failures per single user
    =============
    smtp      928
    backup    955
    user      955
    info      955
    admin     955
    test      366
    ................
    =============

    I am pretty concerned. I can't figure out a way to lock them out, however, because of course the IP address changes day by day/attack by attack.
    My firewall logs show 1 entry for a single connection but on that single connection (I suppose), thousands of authentication tries are performed.

    I already contacted Symantec support and they told me there is no native way to deal with it.

    I kindly ask:

    1) What can I do? Does SMG have a way/mechanism to deal with it? How?
    2) If not, what do you suggest? Is there a Symantec product to purchase and use together with SMG that can help?

    I could configure an AD account lockout strategy but it has many other implications.

    Please help.

    Thanks, best regards.



  • 2.  RE: Alert - Login failures occur from a single IP

    Posted Sep 13, 2016 03:41 AM

    Any help?



  • 3.  RE: Alert - Login failures occur from a single IP

    Posted Sep 15, 2016 03:01 AM

    Hi,

    I doubt SMG can help you, either. One exception: Symantec could implement some sort of product enhancement like throttling within connection classification, etc. But it's not there. That leads me to what you can do: is there a certain need for port 587 to be available to the public? Possibly think of other solutions there.

    Thomas
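
Added example, not part of any post in this thread and not SMG functionality: a small log check for the pattern described above, where one source IP produces many failed logins spread across generic account names. Because the source changes from attack to attack, each flagged IP gets a block that expires. The log layout, thresholds and function names are assumptions made for the example; the sample lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample, one event per line: "<ISO time> <source IP> <user> <result>".
# This layout is an assumption for the example; it is not SMG's log format.
SAMPLE_LOG = """\
2016-09-12T02:10:01 203.0.113.7 smtp FAIL
2016-09-12T02:10:02 203.0.113.7 backup FAIL
2016-09-12T02:10:03 203.0.113.7 user FAIL
2016-09-12T02:10:04 203.0.113.7 info FAIL
2016-09-12T02:10:05 203.0.113.7 admin FAIL
2016-09-12T02:10:06 203.0.113.7 test FAIL
2016-09-12T08:00:00 198.51.100.20 alice FAIL
2016-09-12T08:00:30 198.51.100.20 alice OK
truncated-entry 203.0.113.9 root FAIL
"""

def parse_failures(text):
    """Yield (time, ip, user) for each failed login; skip malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] != "FAIL":
            continue
        try:
            yield datetime.fromisoformat(parts[0]), parts[1], parts[2]
        except ValueError:
            continue

def find_offenders(events, window=timedelta(minutes=10), max_failures=5,
                   min_users=3, block_for=timedelta(hours=24)):
    """Return {ip: block_until} for IPs spraying several accounts in one window."""
    by_ip = defaultdict(list)
    for when, ip, user in events:
        by_ip[ip].append((when, user))
    offenders = {}
    for ip, hits in by_ip.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1  # drop failures older than the sliding window
            in_window = hits[start:end + 1]
            users = {user for _, user in in_window}
            if len(in_window) >= max_failures and len(users) >= min_users:
                offenders[ip] = hits[-1][0] + block_for  # temporary block
                break
    return offenders

if __name__ == "__main__":
    print(find_offenders(parse_failures(SAMPLE_LOG)))
```

A single user mistyping a password (the `alice` lines) stays below both thresholds and is not flagged.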