How can I restrict outgoing SMTP access to specific countries to limit SMTP auth brute force attacks using Juggernaut Firewall?

Important:

  1. Before following this KB article, make sure that all your clients have their email clients set to send using the submission port (587) or the SMTPS port (465), because they will no longer be able to send using the incoming port 25.
  2. Mail that uses the PHP mail function will still be able to send without any problems.
  3. Roundcube webmail will still be able to send without any problems.

Sign up for a MaxMind API key

Sign up for your free MaxMind API key and download the MaxMind databases if you haven't done so already. See here for more information.

Verify that the Submission Port in Plesk is Enabled

  1. Go to Tools & Settings -> Mail Server Settings and check the Enable SMTP service on port 587 on all IP addresses checkbox.
  2. Press the OK button to apply the changes.

Restrict access to the Submission and SMTPS ports

  1. Go to Juggernaut Firewall -> Settings -> Firewall -> Country Settings and add the countries that you want to be able to send through the SUBMISSION and SMTPS ports to Allow countries to ports.
  2. Add port 587 and 465 to Allow countries to TCP ports.
  3. Press the Update button to save the page.

  1. Go to Juggernaut Firewall -> Settings -> Firewall -> Port Settings and remove port 587 and 465 from TCP in and TCP6 in.
  2. Press the Update button to save the page.
  3. Press the Restart button to restart the firewall and login failure daemon.

Disable SMTP authentication in Postfix

Now that the submission and SMTPS ports are restricted to the countries that we want, we can disable SMTP authentication on port 25 in Postfix so that attackers cannot brute force passwords on the incoming port:

# make a backup of your postfix master file
cp -a /etc/postfix/master.cf{,.orig}

# disable smtp authentication on the smtp port 25
postconf -P smtp/inet/smtpd_sasl_auth_enable=no

# reload postfix
postfix reload

Now SMTP authentication will be disabled on the incoming port 25 and only the countries that you specified will be able to send out using the SUBMISSION (587) and SMTPS (465) ports. When a user tries to use authentication to send out using the incoming port 25, they will now get the error:

An error occurred while sending mail. The mail server responded:  5.7.1 <test@example.com>: Relay access denied. Please check the message recipient "user@example.com" and try again.
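
One way to confirm the result is to check saved EHLO replies for an AUTH line. This is an added example, not part of the original article; the function names are hypothetical and the sample replies (including mail.example.com) are constructed.

```shell
#!/bin/sh
# Added example: check the AUTH policy against saved EHLO replies.

# Print the SASL mechanisms advertised in an EHLO reply read from stdin,
# sorted and space-separated; the result is empty when AUTH is not offered.
# Handles "250-AUTH" and final "250 AUTH" lines, the legacy "AUTH=" form,
# and CRLF line endings.
auth_mechs() {
    tr -d '\r' | awk '
        /^250[- ]AUTH[ =]/ {
            sub(/^250[- ]AUTH[ =]/, "")
            n = split($0, m, " ")
            for (i = 1; i <= n; i++) print toupper(m[i])
        }' | sort -u | paste -s -d ' ' -
}

# check_port PORT REPLY: after the change, port 25 must not offer AUTH,
# while 587 and 465 must still offer it. Returns 0 on pass, 1 on fail,
# 2 for a port this article does not cover.
check_port() {
    mechs=$(printf '%s\n' "$2" | auth_mechs)
    case "$1" in
        25)      [ -z "$mechs" ] ;;
        587|465) [ -n "$mechs" ] ;;
        *)       return 2 ;;
    esac
}

# Constructed sample replies (mail.example.com is a placeholder).
REPLY_25='250-mail.example.com
250-PIPELINING
250-SIZE 10240000
250-STARTTLS
250-ENHANCEDSTATUSCODES
250 8BITMIME'

REPLY_587='250-mail.example.com
250-PIPELINING
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250 8BITMIME'

report() {
    if check_port "$1" "$2"; then echo "port $1: PASS"; else echo "port $1: FAIL"; fi
}
report 25 "$REPLY_25"
report 587 "$REPLY_587"
```

Feed it the EHLO reply as a mail client would see it on each port; where the server only offers AUTH after TLS, capture the reply after the TLS handshake.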

Troubleshooting

If you have trouble and want to revert your changes:

  1. Add port 587 and 465 back to TCP in and TCP6 in under Juggernaut Firewall -> Settings -> Firewall -> Port Settings and restart the firewall.
  2. Re-enable SMTP authentication in Postfix:
# re-enable smtp authentication on the smtp port 25
postconf -PX smtp/inet/smtpd_sasl_auth_enable

# reload postfix
postfix reload