We have a pretty annoying problem.
Someone from the outside tries to get into our groupwise system via "SMTP AUTH" (ESMTP-protocol). Sometimes up to 10 login attempts per sec.
SLES 11.2 Xen 4.1.2_14-0.5.5 Virtual Machine
Novell SLES 11.3
Novell OES 11.2
Novell Groupwise 2014 14.0.1-117118
We see that there is someone trying for hours getting in our system by looking in the GWIA log (/var/log/novell/groupwise/gwia.'DOM')
2EDF DMN: MSG 103554 Inbound AUTH failure (D019)
and if they try out a username which is in our system, we can see those attempts in the POA log as well (/var/log/novell/groupwise/'POA'.poa)
7C4E C/S Login Linux ::GW Id='UID' :: 'Server adress'
We first noticed this problem because there were so many login attempts and open ESMTP sessions which led to a server crash.
A delay after X attempts would be pretty neat, like there is for logins via GW Clients or in other mailsystems. If there would be a possibility to ban a user after
3 or 5 attempts for 30 minutes or so, that would help us a lot. But this user should only be banned from login via "SMTP AUTH", otherwise these outside login attempts would block our own users from using their groupwise-clients.
In other mailsystems there is an option to turn off "SMTP AUTH" in general.
We know that with third party products like GWAVA you can configure some delays after a various number of login attempts and you can even block these attempts completely, but there should be an option in groupwise, right?
For a while we were banning the IPs in our firewall manually, but there are over 500 banned IPs right now and we are getting tired of it.
Is this a bug in Novell Groupwise, did we forget about something or is such an option not available in Groupwise 2014?
Greetings from Austria