Welcome to Vastspace, provides Reliable Web Hosting since 2014

Welcome to Vastspace

Archive

Brute-force Protection

Whether you are using Exim, Postfix or others, I personally feel that the brute-force protection is necessary. I have seen unauthorized login attempts on email accounts especially the common ones.

I supposed your service provider has been telling you ‘please use the strong password’. However, Imseeing compromised account use a weak password. So, please remind yourselves always to use strong passwords.

A strong password can be 13 characters and above, a mixture of the symbols, capital letters, small letters and numbers. You don’t and never define such as strong password ‘P@ssword123456’ Yes. it has more than 13 characters., symbols, capital, small letters and numbers.

This type of password is very guessable, they are likely in the hacker’s dictionary. Never use this kind of password. Combination of name, birthday, handphone and NRIC number should be avoided too. A password is your first defence line, hence it is important to make sure they are not guessable.

Devices have set up with email services should install with a good anti-virus capable of detecting malicious activities like for example ports scanning which is common nowadays. This is also important to an individual, even you have a strong password, there is risk your password is stolen through a backdoor on a virus-infected devive.

If you do have the above both, the brute-force protection is useful but it is not 100% you are protected or you are safe. Hackers will attempt to login to your email account with their hacking program using a guessable password.

The ideal of brute-force protection is a rule to block further failed login after X attempts in X interval and block the source for an X period. This is effective to bar authorized access. Whoever came out the mechanism is a genius. This mechanism has protected many, not only email accesses.

Like SmarterMail has such feature out of the box, actually more like internal spammer etc. However, today topic is mainly on brute-force and yes, SmarterMail has built-in with such feature. The server admin can define the number of attempts and the block interval. SmarterMail will display the IP address and its location, should you blacklist them permanently.

I personally felt this is a great feature to protect our email users. This feature reduces the workload on email server admin too. A good email system must built-in with a good security feature and SmarterMail did it.

[/vc_column_text][/vc_column][/vc_row]