Pegasus Mail & Mercury

Welcome to the Community for Pegasus Mail and
The Mercury Mail Transport System, the Internet's longest-serving PC e-mail system!
Welcome to Pegasus Mail & Mercury Sign in | Join | Help
in
Home Blogs Forums Downloads Pegasus Mail Overview Mercury Overview Wiki

Mercurys userids/passwords

Last post 10-12-2018, 2:05 by jbanks. 3 replies.
Sort Posts: Previous Next
  •  10-04-2018, 15:38

    • mcorrow is not online. Last active: 10-04-2018, 20:14 mcorrow
    • Top 500 Contributor
    • Joined on 03-10-2008
    • Member
    • Points 325

    Mercurys userids/passwords

    We are currently having a large influx of "hackers" trying to determine a valid userid/password for sending spam... Using v4.74...

    Since the mercurys.log does not show the userid/password used(and I can't find any settings for that), if a hacker finds a valid userid/password, I would have no way to know which one I have to change...

    Any suggestions?

    Matt

     

  •  10-05-2018, 2:04

    • Rolf Lindby is not online. Last active: 2018-10-19, 0:59 Rolf Lindby
    • Top 10 Contributor
    • Joined on 05-08-2007
    • Stockholm, Sweden
    • SuperStar
    • Points 25,925
    • BetaTeam Moderator SystemAdministrator

    Re: Mercurys userids/passwords

    The Mercury version currently being beta tested will display details for failed SMTP logins in the log.

     

  •  10-05-2018, 16:14

    • Greenman is not online. Last active: 19 Oct 2018, 12:21 Greenman
    • Top 10 Contributor
    • Joined on 07-19-2007
    • UK
    • SuperStar
    • Points 13,555

    Re: Mercurys userids/passwords

    mcorrow:

    We are currently having a large influx of "hackers" trying to determine a valid userid/password for sending spam... Using v4.74...

    Since the mercurys.log does not show the userid/password used(and I can't find any settings for that), if a hacker finds a valid userid/password, I would have no way to know which one I have to change...

    Any suggestions?

    Matt

     

    Mercury can save the transaction logs for each connection. These detail the login info. Unfortunately, depending on the load on your server there might be 1000's of them. For what it's worth, I have seen a lot of illicit connection attempts during this last week. These are repetitive connections from the same IP or IP range. I usually block the range xxx.xxx.xxx.1 - 254. I've connection attempts from various ranges belong to China, Netherlands, and the UK. Perhaps these are related to the credential stuffing attacks that have been in the media recently?

  •  10-12-2018, 2:05

    • jbanks is not online. Last active: 10-13-2018, 14:53 jbanks
    • Top 50 Contributor
    • Joined on 06-09-2007
    • Prince Edward Island, Canada
    • Member
    • Points 1,225

    Re: Mercurys userids/passwords

    Some time ago I downloaded a daemon from you that fixed this very issue for me.  Hope you don't mind me sharing this.  I'm surprised really that David doesn't build this into the software..


    At 17:09 2017-11-24, Jim Banks wrote:

    I had been seeing these connections constantly and when I looked in my log noticed that the same ip has been connecting to me for weeks trying to hack in (presumably trying different passwords each time.  Is there any way mercury can be configured to block the ip after so many failed attempts.  I have them locked out now, but it would be better if mercury automatically took care of this for me.


    Mercury should block repeated failed AUTH attempts if they happen within the same SMTP session. This is usually not the case though. Multiple AUTH failures from the same IP address but in separate sessions can however, if frequent enough, be caught by my SMTP Event Daemon. If you would like to have a look at it you can download it here: http://downloads.serieguide.se/SmtpEvt2017.zip

    / Rolf

     

     

View as RSS news feed in XML

Contact | Advertise | Host provider: PraktIT | Terms of Use | Privacy Statement
Copyright © 2007-2011 David Harris / Peter Strömblad. | Pegasus Mail Home Page