Country Authentication Restrictions NOT working

This is the area for a general support questions, discussions and information that you can read and share. Post your experiences, stats and tricks and tips that are not covered elsewhere. Remember, for questions please search the FAQ first, as your question may already be answered.

Moderators: wizard, magicspam

Post Reply
chcxab
Posts: 4
Joined: Sat Jul 31, 2021 3:50 pm

Country Authentication Restrictions NOT working

Post by chcxab » Sat Jul 31, 2021 3:53 pm

Hi,

I use MagicSpam Pro in Plesk, latest version of both (formerly Obsidian).

I got a lot of LFD blocked attempts for SMTP AUTH failed logins, so I blocked in the almost all countries in Country Authentication Restrictions except the ones we know we need.

Still I got the same number of attempts, I restarted the service, email services, and still the same.

Any clues? I use Juggernauth Firewall too there.

Best

magicspam
Posts: 1553
Joined: Tue Oct 28, 2008 2:27 pm

Re: Country Authentication Restrictions NOT working

Post by magicspam » Tue Aug 03, 2021 2:43 pm

Hello chcxab,

Thank you for your post.

Please note that SMTP AUTH failures are normally reported for any failed authentication from countries that are blocked in your MagicSpam. This is currently done this way as authentications are rejected on the SMTP layer and not right away when the connection was made That said, we do have an upcoming release, which will block them earlier in the process (e.g: connection level) and we also have new AUTH blocking features available, including the RATS-AUTH RBL, and other reputation lists that you can enable.

Our RATS-AZURE, RATS-GCLOUD, and RATS-AWS are also good tools to block AUTH attacks, they will form the basis of RATS-CLOUD since those ranges are unlikely to be doing normal authentication, compared to say regular email clients.

We will also update our development team, as we can see how our MagicSpam customers would like to block them earlier to reduce the appearance of them in the logs, and make it easier to identify that MagicSpam is working effectively against AUTH attacks.

Thank you for your feedback!
-- MagicSpam Support Team --

MSZ
Posts: 5
Joined: Fri Jul 10, 2020 10:54 pm

Re: Country Authentication Restrictions NOT working

Post by MSZ » Sat Feb 19, 2022 5:12 am

With 'botnets' reaching staggering sizes, the 'bad guys' have millions of machines and IP(s) to spread out their attacks. Modern hackers have found they can make more money from reading and accessing your email accounts and services, than just using it to send spam. While not the complete solution, blocking authentication from countries that your customers never visit can reduce the amount of ways hackers can try to access your email accounts. Just remember, your customers do travel and vacation, but this has proven one of our most popular tools.
Hi, sorry for re-opening this old thread, but I believe this "Country Authentication Restrictions" function is (still) NOT working at all - at least with Plesk.

I have tried blocking all countries (except of course the server country which is whitelisted by default).
Trying to login from different IPs in different countries and it never blocks any authentication attempt.

Tested with several different Plesk versions on different Linux distros (Centos 7 + Ubuntu) over the past 2 years
Currently still not working and recently tested with Plesk Obsidian 18.0.41 on both mentioned distros.

Could you please have a look into this? Thanks.

admin
Site Admin
Posts: 27
Joined: Tue Feb 06, 2007 5:36 am

Re: Country Authentication Restrictions NOT working

Post by admin » Thu Mar 03, 2022 5:47 pm

Hello MSZ,

We haven't been able to replicate the reported issue with the Country Authentication Restrictions. In order to investigate further, would you please provide us with a screenshot of the Country Authentication Restrictions along with the Authentication Log results. The best way to provide us with the following information would be through email.

Thank you.

Post Reply

Return to “General Discussions and Support Questions”

Who is online

Users browsing this forum: No registered users and 16 guests