Welcome Serena Central users! CLICK HERE
The migration of the Serena Central community is currently underway. Be sure to read THIS MESSAGE to get your new login set up to access your account.

Enhance access control options in GWIA regarding SMTP authentication

Idea ID 2703811

Enhance access control options in GWIA regarding SMTP authentication

Currently, a directly internet connected GWIA is a worthwhile and easy target all sorts of hacking, as it's officially impossible to even outright disable SMTP authentication, let alone control who is allowed to use it. That's why countless GWIAs are constantly bruteforce attacked for valid credentials, often either successful (then abused as spam relay or worse, to access mailboxes of hacked accounts), or at least resulting in DOS attacks, *if* the admin was observant enough to at least change the defaults (which allow brute force attacks without any countermeasure) and enabled intruder detection. At a very minimum, we urgently need a switch to totally disable any SMTP authentication on a GWIA. But in the long run, GWIA needs to be able to control SMTP authentication per user. In its current state, it becomes more and more difficult if not impossible to directly connect GWIA to the Internet due to the lack of security in that area.

1 Comment
Community Manager COEST Community Manager
Community Manager
Status changed to: Waiting for Votes
 
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.