GilardiCo
asked on
GWIA POP3 configuration
Hello,
Just recently we had an "attack" on our gwia. Some one was trying to log in via Pop3 using an array of different user names which caused some of our mailboxes to become locked due to to many unsuccessful attempts. What I did was I denied the service under Access Control under the GWIA properties default Class of service for everyone. I created a new Class of service for the users that need Pop3 access. I was curious if this is enough to prevent this from happening again? Any help is appreciated.
Just recently we had an "attack" on our gwia. Some one was trying to log in via Pop3 using an array of different user names which caused some of our mailboxes to become locked due to to many unsuccessful attempts. What I did was I denied the service under Access Control under the GWIA properties default Class of service for everyone. I created a new Class of service for the users that need Pop3 access. I was curious if this is enough to prevent this from happening again? Any help is appreciated.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hello, I need some clarification. I setup my firewall to alert me of any unathorized POP3 attempts. I received two last night. Now in the GWIA log I can see that they tried to login using a couple of id's. However there is no way that I can tell to see if it was successful or not. Secondly the POA log does not show this activity were it did before I made the POP3 changes to my Class of Services. Any info will be helpful. I do see activity in the POA log for the address that are allowed POP3 access.
Thanks.
Thanks.
"We are using POP for some external users"
Have you considered using GroupWise Remote instead? It's much more secure, and gives you access to the full set of GroupWise features. WebAccess is another good alternative. Generally, the only reason to use POP is if you need to support fairly primitive clients.
To see POP3 activities, you need to look in the GWIA log, not the POA log. Your postmaster account might receive a copy of this log nightly, depending on your configuration. It should also be available in your GroupWise logs folder, look for files with GWIA in the name. You might want to change your logging level to capture more details while you investigate this.
Have you considered using GroupWise Remote instead? It's much more secure, and gives you access to the full set of GroupWise features. WebAccess is another good alternative. Generally, the only reason to use POP is if you need to support fairly primitive clients.
To see POP3 activities, you need to look in the GWIA log, not the POA log. Your postmaster account might receive a copy of this log nightly, depending on your configuration. It should also be available in your GroupWise logs folder, look for files with GWIA in the name. You might want to change your logging level to capture more details while you investigate this.
ASKER
I am checking my GWIA logs on a daily basis just as a percaution. The logging is on Verbose and this is what it shows:
03:44:26 391 *** NEW PHYS. CONNECTION, Tbl Entry=0, Socket=100
03:44:26 391 POP3 command: user test
03:44:26 391 POP3 command: PASS
03:44:26 391 POP3 command: user test
03:44:26 391 POP3 command: PASS
03:44:26 391 POP3 command: user test
03:44:26 391 POP3 command: PASS
03:44:27 391 POP3 session ended: 72.21.53.138
03:44:27 391 *** PHYSICAL PORT DISCONNECTED, Tbl Entry=0, Socket=100
03:44:26 391 *** NEW PHYS. CONNECTION, Tbl Entry=0, Socket=100
03:44:26 391 POP3 command: user test
03:44:26 391 POP3 command: PASS
03:44:26 391 POP3 command: user test
03:44:26 391 POP3 command: PASS
03:44:26 391 POP3 command: user test
03:44:26 391 POP3 command: PASS
03:44:27 391 POP3 session ended: 72.21.53.138
03:44:27 391 *** PHYSICAL PORT DISCONNECTED, Tbl Entry=0, Socket=100
ASKER