There is a property named verifyFailureDelay that you can set in usersrepository.xml. The value is a time to wait between unsuccessful authentication attempts, e.g. 2s to wait 2 seconds.
You won't get rid of the attacks this way, but slow down any brute force attempts to guess valid user passwords. Hopefully to a point where it does not make sense anymore and the attacker just gives up. On the other hand, a long delay could clog up your mail server and prevent legitimate users from accessing it, so you may need to experiment with the settings a bit.

Good luck,
Karsten

On 07.06.23 10:12 AM, Günter Paul wrote:

I run a James mail server (james-server-spring-app-3.8.0). The log file shows that the server is constantly being attacked. This is normal, the server is on the Internet. I was able to fend off some of the attacks via the firewall: blocking IP addresses or limiting access per minute (connect).

Now 2 attacks remain. In both cases there is a “connect”, then many actions, then the connection is closed. The IP addresses change constantly. In the "smtpserver.xml" file, I tried to reduce the number of accesses via "MaxRcptHandler", but unfortunately that doesn't work here. Are there any out of the box options to configure something?

Here are the concrete examples from the log file (domaine.de is a dummy for my domain):

1) Rejected message. Unknown user

INFO | jvm 1 | 2023/06/06 23:55:45 | 06-Jun-2023 23:55:45.837 INFO [smtpserver-io-3] org.apache.james.protocols.netty.BasicChannelInboundHandler.channelActive:103 - Connection established from 60.29.127.226
INFO | jvm 1 | 2023/06/06 23:55:50 | 06-Jun-2023 23:55:50.400 INFO [smtpserver-io-3] org.apache.james.protocols.smtp.core.fastfail.AbstractValidRcptHandler.reject:61 - Rejected message. Unknown user: [email protected]
INFO | jvm 1 | 2023/06/06 23:55:50 | 06-Jun-2023 23:55:50.400 INFO [smtpserver-io-3] org.apache.james.protocols.smtp.core.log.HookResultLogger.onHookResult:45 - org.apache.james.smtpserver.fastfail.ValidRcptHandler: result= (DENY CONNECTED)
INFO | jvm 1 | 2023/06/06 23:55:50 | 06-Jun-2023 23:55:50.401 INFO [smtpserver-io-3] org.apache.james.protocols.smtp.core.fastfail.AbstractValidRcptHandler.reject:61 - Rejected message. Unknown user: [email protected]
INFO | jvm 1 | 2023/06/06 23:55:50 | 06-Jun-2023 23:55:50.401 INFO [smtpserver-io-3] org.apache.james.protocols.smtp.core.log.HookResultLogger.onHookResult:45 - org.apache.james.smtpserver.fastfail.ValidRcptHandler: result= (DENY CONNECTED)
… (202 lines in total)
INFO | jvm 1 | 2023/06/06 23:55:50 | 06-Jun-2023 23:55:50.470 INFO [smtpserver-io-3] org.apache.james.protocols.smtp.core.fastfail.AbstractValidRcptHandler.reject:61 - Rejected message. Unknown user: [email protected]
INFO | jvm 1 | 2023/06/06 23:55:50 | 06-Jun-2023 23:55:50.471 INFO [smtpserver-io-3] org.apache.james.protocols.smtp.core.log.HookResultLogger.onHookResult:45 - org.apache.james.smtpserver.fastfail.ValidRcptHandler: result= (DENY CONNECTED)
INFO | jvm 1 | 2023/06/06 23:55:51 | 06-Jun-2023 23:55:51.408 INFO [smtpserver-io-3] org.apache.james.protocols.netty.BasicChannelInboundHandler.channelInactive:143 - Connection closed for 60.29.127.226/60.29.127.226:50151

2) Password is unverified

INFO | jvm 1 | 2023/06/06 23:44:49 | 06-Jun-2023 23:44:49.108 INFO [smtpserver-io-2] org.apache.james.protocols.netty.BasicChannelInboundHandler.channelActive:103 - Connection established from 45.133.235.202
INFO | jvm 1 | 2023/06/06 23:44:49 | 06-Jun-2023 23:44:49.333 INFO [smtpserver-io-2] org.apache.james.user.lib.UsersRepositoryImpl.lambda$test$2:155 - Could not retrieve user Username{localPart=root, domainPart=Optional[Domain : domaine.de]}. Password is unverified.
INFO | jvm 1 | 2023/06/06 23:44:49 | 06-Jun-2023 23:44:49.333 INFO [smtpserver-io-2] org.apache.james.protocols.smtp.core.esmtp.AuthCmdHandler.doAuthTest:397 - AUTH method LOGIN failed from Username{localPart=root, domainPart=Optional[Domain : domaine.de]}@45.133.235.202
INFO | jvm 1 | 2023/06/06 23:44:49 | 06-Jun-2023 23:44:49.512 INFO [smtpserver-io-2] org.apache.james.user.lib.UsersRepositoryImpl.lambda$test$2:155 - Could not retrieve user Username{localPart=root, domainPart=Optional[Domain : domaine.de]}. Password is unverified.
INFO | jvm 1 | 2023/06/06 23:44:49 | 06-Jun-2023 23:44:49.512 INFO [smtpserver-io-2] org.apache.james.protocols.smtp.core.esmtp.AuthCmdHandler.doAuthTest:397 - AUTH method LOGIN failed from Username{localPart=root, domainPart=Optional[Domain : domaine.de]}@45.133.235.202
… (408 lines in total)
INFO | jvm 1 | 2023/06/06 23:45:25 | 06-Jun-2023 23:45:25.286 INFO [smtpserver-io-2] org.apache.james.user.lib.UsersRepositoryImpl.lambda$test$2:155 - Could not retrieve user Username{localPart=root, domainPart=Optional[Domain : domaine.de]}. Password is unverified.
INFO | jvm 1 | 2023/06/06 23:45:25 | 06-Jun-2023 23:45:25.286 INFO [smtpserver-io-2] org.apache.james.protocols.smtp.core.esmtp.AuthCmdHandler.doAuthTest:397 - AUTH method LOGIN failed from Username{localPart=root, domainPart=Optional[Domain : domaine.de]}@45.133.235.202
INFO | jvm 1 | 2023/06/06 23:45:25 | 06-Jun-2023 23:45:25.330 INFO [smtpserver-io-2] org.apache.james.protocols.netty.BasicChannelInboundHandler.channelInactive:143 - Connection closed for 45.133.235.202/45.133.235.202:57554

Does anyone know solutions to these problems?

Best wishes,
Günter
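
Added example, not part of either message above and not James project code: a small Python log summarizer that counts the two failure types shown in the quoted log per source IP, so the worst offenders can be handed to the firewall. The sample lines, the documentation-range IP addresses, the example.test names and the threshold are constructed; attributing "Unknown user" lines to the connection last opened on the same I/O thread is an assumption made here because those lines carry no IP.

```python
import re
from collections import Counter

LINE = re.compile(r"\[(?P<thread>[^\]]+)\] \S+ - (?P<msg>.*)$")
CONNECT = re.compile(r"Connection established from (\S+)")
AUTH_FAIL = re.compile(r"AUTH method \w+ failed from .*@(\S+)$")

def count_failures(lines):
    """Return (rcpt_rejects, auth_failures): Counters keyed by source IP."""
    current_ip = {}  # I/O thread -> IP of the latest connection seen on it
    rcpt, auth = Counter(), Counter()
    for line in lines:
        m = LINE.search(line.strip())
        if not m:
            continue
        thread, msg = m["thread"], m["msg"]
        if c := CONNECT.search(msg):
            current_ip[thread] = c[1]
        elif msg.startswith("Connection closed for "):
            current_ip.pop(thread, None)
        elif a := AUTH_FAIL.search(msg):
            auth[a[1]] += 1  # the AUTH failure line carries the IP itself
        elif msg.startswith("Rejected message. Unknown user") and thread in current_ip:
            # No IP on this line: attribute it to the connection last opened on
            # the same thread (a heuristic; busy servers interleave connections).
            rcpt[current_ip[thread]] += 1
    return rcpt, auth

def offenders(lines, threshold):
    """IPs whose combined failure count reaches the threshold."""
    rcpt, auth = count_failures(lines)
    return sorted(ip for ip, n in (rcpt + auth).items() if n >= threshold)

# Constructed sample in the log format quoted above (documentation IP ranges).
P = "INFO | jvm 1 | 2023/06/06 23:55:45 | 06-Jun-2023 23:55:45.837 INFO "
NETTY = "org.apache.james.protocols.netty.BasicChannelInboundHandler"
REJECT = (P + "[smtpserver-io-3] org.apache.james.protocols.smtp.core.fastfail."
          "AbstractValidRcptHandler.reject:61 - Rejected message. Unknown user: nobody@example.test")
AUTH = (P + "[smtpserver-io-2] org.apache.james.protocols.smtp.core.esmtp.AuthCmdHandler."
        "doAuthTest:397 - AUTH method LOGIN failed from Username{localPart=root, "
        "domainPart=Optional[Domain : example.test]}@198.51.100.9")
SAMPLE = [
    P + f"[smtpserver-io-3] {NETTY}.channelActive:103 - Connection established from 203.0.113.7",
    REJECT, REJECT, REJECT,
    P + f"[smtpserver-io-3] {NETTY}.channelInactive:143 - Connection closed for 203.0.113.7/203.0.113.7:50151",
    REJECT,  # arrives after the close: no open connection, so it is not counted
    P + f"[smtpserver-io-2] {NETTY}.channelActive:103 - Connection established from 198.51.100.9",
    AUTH, AUTH,
]

if __name__ == "__main__":
    print(offenders(SAMPLE, threshold=2))
```
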
