Idea ID 2703811
Currently, a directly internet connected GWIA is a worthwhile and easy target all sorts of hacking, as it's officially impossible to even outright disable SMTP authentication, let alone control who is allowed to use it. That's why countless GWIAs are constantly bruteforce attacked for valid credentials, often either successful (then abused as spam relay or worse, to access mailboxes of hacked accounts), or at least resulting in DOS attacks, *if* the admin was observant enough to at least change the defaults (which allow brute force attacks without any countermeasure) and enabled intruder detection. At a very minimum, we urgently need a switch to totally disable any SMTP authentication on a GWIA. But in the long run, GWIA needs to be able to control SMTP authentication per user. In its current state, it becomes more and more difficult if not impossible to directly connect GWIA to the Internet due to the lack of security in that area.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.