GFI Software

Welcome to the GFI Software community forum! For support please open a ticket from

Home » GFI User Forums » Kerio Connect » Suffer from numerous login attempts to Email server
Suffer from numerous login attempts to Email server [message #154393] Fri, 19 May 2023 11:57 Go to next message
waltergarcia is currently offline  waltergarcia
Messages: 1
Registered: May 2023
Hi there,
We suffer from numerous login attempts to our Email server. Because they origin from a specific country we decided to block this country in kerio control. No succes. We looked into the logfiles from Kerio connect and found that the reported ip belongs to an other country. The country we want to block is Bulgaria, the reported country in connect is the US. Does anyone know how to solve this or could tell us what we did wrong. Thanks!
Re: Suffer from numerous login attempts to Email server [message #154411 is a reply to message #154393] Tue, 23 May 2023 17:03 Go to previous messageGo to next message
robinbateman is currently offline  robinbateman
Messages: 226
Registered: April 2012
Location: Oxford(ish) UK

Hi Walter

This should help....

Please consider that sometimes, the GeoIP database may miscategorize IP addresses and countries. This article provides information on how to manually update GeoIP database definitions. In order to solve that you will need to update the GeoIP manually if there are some inconsistencies with some IP addresses. The procedure explained in the "Manually Updating GeoIP Database" ( 5189319-Manually-Updating-GeoIP-Database) article can be used for this.

Robin Bateman
One Red Mouse
Re: Suffer from numerous login attempts to Email server [message #154442 is a reply to message #154393] Wed, 31 May 2023 08:49 Go to previous message
freakinvibe is currently offline  freakinvibe
Messages: 593
Registered: April 2004
This is more a Kerio Control issue than a Kerio Connect issue. So you might want to post the question in the Kerio Control forum.

We also get a lot of failed login attempts (I think everyone does), but Kerio Connect has certain protections, e.g. if the same IP address fails with login a certain number of times it is blocked for a while. So if your users have sufficiently secure passwords, this should not be a problem.

In the Security log, you will see

[28/May/2023 07:50:13] SMTP: AntiHammering - IP address will be blocked for 5 minutes, too many failed logins from this IP address.

Dexion Services AG - IT Support Services in Basel, Switzerland

[Updated on: Wed, 31 May 2023 08:50]

Report message to a moderator

Previous Topic: deleting old mailboxes from STORE
Next Topic: Spamhaus may block legitimate email if you use that blocklist!
Goto Forum:

Current Time: Wed Jun 07 20:36:16 CEST 2023

Total time taken to generate the page: 0.02487 seconds