11.08.2017

The quest to avoid SMTP Hacking and "Authentication Failed" on Domino-server continues

Tags: Lotus Domino Configuration

Update Nov 11th, 2017: If you are using the sample database, you need a configuration first. Go to the configuration view and press the "Configuration" button to create one.


This blog-post is about a combination of my own agent, which creates an IP-address list, and a product named "IP Blocker". The combination automatically pumps bad IP addresses from the Domino log to IP Blocker – and gone are the bad IP addresses.

Even though I have some sort of control over the numerous SMTP hacking attempts happening every day, I still feel uncomfortable just seeing that they keep on pounding my server. What do I mean?

The log gets lots of messages like this;

07.11.2017 05:00:06   SMTP Server: Authentication failed for user stevens ; connecting host 189.1.185.148

Back in March 2017 I wrote the blog-post Finally I managed to stop the SMTP hacking, generating tons of "SMTP Server: Authentication failed for user ..."-messages. Back then I was using the Windows Firewall to trap the bad IP addresses, and that worked. Every IP address registered was effectively blocked from ever reaching my server. The downside was having to keep up with all the new IP addresses, and the somewhat cumbersome user interface for registering IP addresses. My blog post goes into detail on how that was done.

A reader named David Brown commented on the blog-post and referred to his blog-post Disable SMTP-AUTH To Stop Relay Hackers In Their Tracks, which suggested the somewhat strange tip to turn off the SMTP Authentication server in order to actually automatically fence out the bad IP addresses.

The other day I came across another Windows tool named IP Blocker from BeeThink-software. It looks a little outdated, but it turned out to be quite powerful! Below you see it in action on my Windows machine:

[Screenshot: IP Blocker in action]

All the red dots are blocked addresses! The most important selling point to me was the ability to automatically load IP-address lists.

What if I created an agent that retrieved all the "Authentication Failed" messages, extracted the IP addresses and automatically created an IP-address list file for IP Blocker to read?

Read on to meet the "Authentication Failed Extractor" database.
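The extraction step described above, sketched in Python as an added example (this is not the author's Domino agent or the sample database): it parses log lines in the format shown earlier, counts failures per address and keeps protected networks out of the list. The failure threshold, the protected-network list and the one-address-per-line output file are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Line format taken from the log excerpt in the post. The user name is
# client-supplied, so the greedy match binds the host to the END of the line.
AUTH_FAIL = re.compile(r"SMTP Server: Authentication failed for user .*;\s*connecting host (\S+)\s*$")

# Assumption: networks that must never end up in the block list.
NEVER_BLOCK = ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")

def build_blocklist(log_lines, min_failures=3, never_block=NEVER_BLOCK):
    """Return IPs with at least min_failures failed SMTP logins, sorted."""
    protected = [ipaddress.ip_network(n) for n in never_block]
    failures = Counter()
    for line in log_lines:
        match = AUTH_FAIL.search(line)
        if not match:
            continue
        try:
            ip = ipaddress.ip_address(match.group(1))
        except ValueError:
            continue  # host field is a name or garbage, not an IP address
        if any(ip in net for net in protected):
            continue  # e.g. an internal user who mistyped a password
        failures[ip] += 1
    offenders = [ip for ip, n in failures.items() if n >= min_failures]
    # Sort numerically; the version comes first so IPv4 and IPv6 can mix.
    offenders.sort(key=lambda ip: (ip.version, int(ip)))
    return [str(ip) for ip in offenders]

# Constructed sample log (documentation addresses), not real data.
SAMPLE_LOG = """\
07.11.2017 05:00:06   SMTP Server: Authentication failed for user stevens ; connecting host 203.0.113.7
07.11.2017 05:00:09   SMTP Server: Authentication failed for user admin ; connecting host 203.0.113.7
07.11.2017 05:00:12   SMTP Server: Authentication failed for user info ; connecting host 203.0.113.7
07.11.2017 05:01:30   SMTP Server: Authentication failed for user ola ; connecting host 192.168.1.20
07.11.2017 05:01:31   SMTP Server: Authentication failed for user ola ; connecting host 192.168.1.20
07.11.2017 05:01:32   SMTP Server: Authentication failed for user ola ; connecting host 192.168.1.20
07.11.2017 05:02:00   SMTP Server: Authentication failed for user kari ; connecting host 198.51.100.9
07.11.2017 05:03:00   Router: Message 00796504 delivered
""".splitlines()

if __name__ == "__main__":
    # Assumption: the blocking tool reads a plain text file, one address per line.
    with open("blocklist.txt", "w") as out:
        out.write("\n".join(build_blocklist(SAMPLE_LOG)) + "\n")
```

With the default threshold only 203.0.113.7 is listed: the internal address is protected and the single failure from 198.51.100.9 stays below the limit.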

03.03.2017

Finally I managed to stop the SMTP hacking, generating tons of "SMTP Server: Authentication failed for user ..."-messages

Tags: Lotus Domino Configuration Spam

Have you ever seen a bunch of these in your Domino log-database?

[Screenshot: "Authentication failed" messages in the Domino log]

If so, you are the victim of attempted SMTP Hacking. It means that someone is trying to log on to your server via the SMTP protocol. SMTP was primarily constructed for functionality and not so much for security.

Needless to say, it is a waste of cycles to have all this traffic hit your server, not to mention what could happen if they ever succeed in entering the system! Obviously the perpetrators use some sort of directory attack, trying out both known and valid mail addresses, in addition to all sorts of other names.

Read on to see how I finally was able to stop specified IPs from even reaching the Domino server (hint: the Windows Firewall comes to the rescue!)

Update March 7th, 2017: David Brown over at his site https://port1352.wordpress.com (love the port1352-name!) took the time to chime in and tipped me off about his blog-post Disable SMTP-AUTH To Stop Relay Hackers In Their Tracks. I had actually seen this post too, but I could not get my head around the idea that it could actually be better to turn off SMTP-authentication in order to have better security. I asked a question on his post, and he posted a thorough answer to why this might be a good idea here. Thanks, David, for taking the time to answer this question!

02.22.2017

How to setup Gmail's smtp.gmail.com as the outgoing mail server on both Domino and on iOS

Tags: After Hours Lotus Domino Configuration
One of the fun things with software, and perhaps especially server software, is that there are lots of ways to get things done. Sometimes you just drown in settings, configurations and restarts. Suddenly things start to work, and you really don't know exactly what fixed the problem! This is a story along those lines, and I write about it primarily to remember the steps later for my own part. Perhaps it can be beneficial to others too.
 
From having my own Domino server and using it for both incoming and outgoing mail, things have transformed over the years to only handling incoming mail, and relaying outgoing mail to other SMTP-servers. In my case it has been the Telenor server "smtp.online.no" for many years. Up until now I have been very satisfied with Telenor and smtp.online.no too. If you are interested, you can read more about the history of my server at the end of this article.
 
The Problem

However, in January 2017 something happened on the Telenor side, and suddenly their SMTP-server wouldn't accept relayed mail from my server anymore.
 
Sending mail from my Domino server quickly resulted in the following log-entry, along with a non-delivery report sent back to the sender:
 
06.02.2017 23:06:48   Router: Message 00796504 NOT transferred via SMTP to SMTP.ONLINE.NO for some.recipient@somewhere.com 553 5.3.0 <some.recipient@somewhere.com>... We do not relay from 84.202.240.155
 
If I tried to send from my iPhone or iPad, which also had smtp.online.no as the outgoing mail server, I received this:
[Screenshot: error message on the iOS device]
The above is in Norwegian, and says: "Cannot Send Mail – A copy has been placed in your Outbox. The Recipient {name} was rejected by the server."
 
I have now been in touch with the support-departments for both Canal Digital and Telenor, and to make a long story very short; Hopelessly problematic to get any sensible answers at all!!!


First Canal Digital: After filing a support-request via their own support-pages, I didn't get any answer at all. Only when I posted on their Facebook-page did they answer, and then instantly!
So, note-to-self, don't bother to write anything in support forms or send email, that won't be answered anyway. Only use channels that obviously hurt a little if requests stay unanswered. That must feel like the other side of the coin for Canal Digital…
The answer to my problem? Canal Digital just points to Telenor and basically says "it's their fault, we do nothing with mail".
 
Ok, over to Telenor, and a very similar story unfolds with them. Sensibly enough they don't have a Facebook page where customers can rant (they have learnt the lesson that Canal Digital is learning …). However, after registering a couple of cases, where the latter pointed to a huge document with very detailed information about the problem, I finally got an answer today:
 
We don't do e-mail support at all via e-mail ….

 
….. Ha ha ha, are you kidding me?!?! No e-mail support via e-mail ?!?!? (choke choke …)
 
However, they point me to Telenoreksperten, a call-center charging you no less than approximately USD 3 per minute. I guess the logic is no different than if your washing machine breaks down. Nobody will even touch your washer if you don't stuff their deep pockets full of money ….
