Pegasus Mail & Mercury


Malicious IMAP login attempts

Last post 10-08-2018, 18:13 by Tym. 4 replies.
  •  08-23-2018, 20:02

    Malicious IMAP login attempts

    My MercuryI logs show a number of instances of 'password failure' due to malicious IMAP login attempts. In some cases the user doesn't exist, in some cases the user is valid but the password is wrong (the logs show a previous dictionary attack to find valid names). So far as I know there have been no attempts that have correctly guessed the password but I would like to defend against them further.

    I can/will make my passwords more complex, and possibly change the user names. I can't lock down the permitted hosts using Connection Control, as the IP allocated to mobile devices will change (and if I'm abroad, even the IP range will change). Is there any way to invoke an IP blacklist such as Spamhaus in Connection Control, as is done with MercuryS?

    Thanks

  •  08-28-2018, 16:56

    • Greenman

    Re: Malicious IMAP login attempts

    Chris Bolton:

    My MercuryI logs show a number of instances of 'password failure' due to malicious IMAP login attempts. In some cases the user doesn't exist, in some cases the user is valid but the password is wrong (the logs show a previous dictionary attack to find valid names). So far as I know there have been no attempts that have correctly guessed the password but I would like to defend against them further.

    I can/will make my passwords more complex, and possibly change the user names. I can't lock down the permitted hosts using Connection Control, as the IP allocated to mobile devices will change (and if I'm abroad, even the IP range will change). Is there any way to invoke an IP blacklist such as Spamhaus in Connection Control, as is done with MercuryS?

    Thanks

    Mercury's IMAP server is doing exactly what it should - blocking invalid IMAP connection requests. So long as IMAP access to your mail accounts requires a password, and the people that use those accounts don't share those passwords, you have nothing to worry about. Not the solution you are after, but at least you know your accounts are secure.

  •  08-30-2018, 12:52

    • Sellerie

    Re: Malicious IMAP login attempts

    In such cases something like fail2ban would be cool in Windows...


    Do you really need direct access to the IMAP server? If not, then I suggest using a VPN. This also prevents further problems if the dictionary attack succeeds...

  •  09-02-2018, 20:38

    Re: Malicious IMAP login attempts

    Thank you both for your replies and comments.

    Greenman, that's as I thought, but it's only by following up possible vulnerabilities that I educate myself. I'm not seriously worried at this stage, but if I can make things more secure, why not do so?

    Sellerie, it had occurred to me that an application to do what fail2ban does would be useful, but I wasn't aware of it. Finding the right search string for something you don't know the name of is always hard, but starting from fail2ban I've found several similar for Windows, and will test them. I'm sorry, but I don't follow what you mean by direct access. Regarding a VPN, are you suggesting I host a VPN on the server so that IMAP clients must log in to the VPN?

  •  10-08-2018, 18:13

    • Tym

    Re: Malicious IMAP login attempts

    Apparently there's wail2ban...

     

    https://alternativeto.net/software/fail2ban/?platform=windows 


    Tym
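
The fail2ban idea raised in the replies above, sketched as an added example that is not part of the original thread and not code from Mercury or fail2ban: count failed IMAP logins per source address in a sliding window and emit a Windows Firewall block for offenders. The log line layout, the thresholds and the names find_offenders and block_rule are assumptions; MercuryI's real log format is not shown in the thread, so the regular expression must be adapted to it.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines. The layout (timestamp, client IP, user, result)
# is an assumption for illustration, not MercuryI's real log format.
SAMPLE_LOG = """\
2018-08-23 19:58:01 203.0.113.7 LOGIN admin password failure
2018-08-23 19:58:03 203.0.113.7 LOGIN info password failure
2018-08-23 19:58:05 203.0.113.7 LOGIN chris password failure
2018-08-23 19:58:09 203.0.113.7 LOGIN chris password failure
2018-08-23 19:59:00 198.51.100.20 LOGIN chris password failure
2018-08-23 19:59:30 198.51.100.20 LOGIN chris success
2018-08-23 20:40:00 192.0.2.44 LOGIN sales password failure
2018-08-23 21:40:00 192.0.2.44 LOGIN sales password failure
"""

LINE_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (\S+) LOGIN (\S+) (password failure|success)$")

def find_offenders(log_text, max_failures=3, window=timedelta(minutes=10)):
    """Return {ip: sorted usernames tried} for IPs that reach max_failures
    failed logins inside a sliding time window."""
    recent = defaultdict(deque)   # ip -> (timestamp, user) of recent failures
    offenders = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue              # skip lines that do not match the layout
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        ip, user, result = m.group(2), m.group(3), m.group(4)
        q = recent[ip]
        if result == "success":
            q.clear()             # a good login resets the count (mistyped password)
            continue
        q.append((ts, user))
        while q and ts - q[0][0] > window:
            q.popleft()           # forget failures older than the window
        if len(q) >= max_failures:
            offenders.setdefault(ip, set()).update(u for _, u in q)
    return {ip: sorted(users) for ip, users in offenders.items()}

def block_rule(ip):
    """Windows Firewall command that blocks inbound traffic from one address."""
    return ('netsh advfirewall firewall add rule '
            f'name="IMAP-ban {ip}" dir=in action=block remoteip={ip}')
```

Several different usernames tried from one address, as in the first sample address, is the dictionary pattern described in the opening post; a roaming mobile client that mistypes once and then logs in is not flagged.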
Copyright © 2007-2011 David Harris / Peter Strömblad.