locked out accounts: how to disable authentication with alias

crose9
Posts: 13
Joined: Fri Sep 12, 2014 11:21 pm

locked out accounts: how to disable authentication with alias

Post by crose9 »

Dear all

In the last weeks we see brute-force logins from thousands of individual IP addresses. This leads to 'locked out' accounts. In our setup, the official user email address is an alias to the account.

My question: is it possible to disable authentication (IMAP, SMTP, Web) with the alias (only with the account name)?

In our case it would solve the 'Denial of service due to locked out accounts' completely.

Thanks

CU
Carsten
tonster
Zimbra Employee
Posts: 313
Joined: Fri Feb 21, 2014 10:14 am
Location: Ypsilanti, MI
ZCS/ZD Version: Release 8.7.0_GA_1659.RHEL6_64_2016

Re: locked out accounts: how to disable authentication with alias

Post by tonster »

crose9 wrote:

Dear all

In the last weeks we see brute-force logins from thousands of individual IP addresses. This leads to 'locked out' accounts. In our setup, the official user email address is an alias to the account.

My question: is it possible to disable authentication (IMAP, SMTP, Web) with the alias (only with the account name)?

In our case it would solve the 'Denial of service due to locked out accounts' completely.

Thanks

CU
Carsten

No, you can't disable logins from aliases.
crose9
Posts: 13
Joined: Fri Sep 12, 2014 11:21 pm

Re: locked out accounts: how to disable authentication with alias

Post by crose9 »

Dear tonster, all

Thanks for the qualified answer.

The problem with brute force attacks gets bigger and bigger.

Are there any thoughts about (optional) decoupling of 'account' and 'email alias' on the Zimbra roadmap? From my point of view this is quite a bit more effective than any IP-block method (especially if one IP is only used once a day).

CU
Carsten