IP forging, not. It is done by using a bot network of compromised PCs. There is no real way to stop it except on a best effort basis. Gateway spam filtering is how we do it and having mail server hardware that can handle the spikes in traffic.
Kevin Bilbee

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Tom
> Sent: Monday, February 06, 2006 11:26 PM
> To: Imail_Forum@list.ipswitch.com
> Subject: RE: [IMail Forum] Hard to block bad source
>
> It seems that there's no easy solution to really block the
> problem source. (how did he do that? IP forging?) By
> looking at the IPs in the log almost all of them were
> originated from Europe (especially from Eastern Europe).
> Does anyone still have the big IP list posted a while ago?
> (sorry did not find from the archive yet... taking a shortcut
> :) Thanks.
>
> Tom
>
> ---------- Original Message ----------------------------------
> From: "Kevin Bilbee" <[EMAIL PROTECTED]>
> Reply-To: Imail_Forum@list.ipswitch.com
> Date: Mon, 6 Feb 2006 16:45:16 -0800
>
> Say it with me people.
>
> Distributed dictionary attack. Sit back hold on and wait for
> it to end.
>
> Kevin Bilbee
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] Behalf Of Steinar Rasch
> > Sent: Monday, February 06, 2006 4:27 PM
> > To: Imail_Forum@list.ipswitch.com
> > Subject: RE: [IMail Forum] Hard to block bad source
> >
> > Hi!
> >
> > Sometimes the user exists on the server.
> >
> > Other times there will be an invalid user entry in the log.
> >
> > The server is set to No Mail relay.
> >
> > Regards,
> > Steinar
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of John T (Lists)
> > Sent: 7. februar 2006 01:07
> > To: Imail_Forum@list.ipswitch.com
> > Subject: RE: [IMail Forum] Hard to block bad source
> >
> > Is the RCPT TO address a real address on your server?
> >
> > If not, you are relaying.
> >
> > John T
> > eServices For You
> >
> > "Seek, and ye shall find!"
> >
> > > -----Original Message-----
> > > From: [EMAIL PROTECTED] [mailto:Imail_Forum-
> > > [EMAIL PROTECTED] On Behalf Of Steinar Rasch
> > > Sent: Monday, February 06, 2006 3:26 PM
> > > To: Imail_Forum@list.ipswitch.com
> > > Subject: RE: [IMail Forum] Hard to block bad source
> > >
> > > Does anyone know how to block incoming mails like these?
> > >
> > > 02:06 23:55 SMTPD(d3e2023100000037) [61.91.163.210] HELO mail.epost.no
> > > 02:06 23:55 SMTPD(d3e2023100000037) [61.91.163.210] MAIL FROM: <[EMAIL PROTECTED]>
> > > 02:06 23:55 SMTPD(d3e2023100000037) [61.91.163.210] RCPT TO: <[EMAIL PROTECTED]>
> > > 02:06 23:55 SMTPD(d3e2023100000037) [61.91.163.210] D:\IMail\spool\Dd3e2023100000037.SMD 566
> > > 02:06 23:55 SMTPD(d3e2023100000037) performing antispam checks
> > >
> > > They keep on coming...
> > >
> > > And every mail has a different IP-address as well as a different and
> > > bogus [EMAIL PROTECTED] address.
> > >
> > > I use v8.22 and Declude Pro 3.0.5.23, but I cannot find any settings
> > > for stopping these mails.
> > >
> > > Regards,
> > > Steinar
> > >
> > > -----Original Message-----
> > > From: [EMAIL PROTECTED]
> > > [mailto:[EMAIL PROTECTED] On Behalf Of John T (Lists)
> > > Sent: 6. februar 2006 22:40
> > > To: Imail_Forum@list.ipswitch.com
> > > Subject: RE: [IMail Forum] Hard to block bad source
> > >
> > > He does not know what he means.
> > >
> > > John T
> > > eServices For You
> > >
> > > "Seek, and ye shall find!"
> > >
> > > > -----Original Message-----
> > > > From: [EMAIL PROTECTED] [mailto:Imail_Forum-
> > > > [EMAIL PROTECTED] On Behalf Of Steinar Rasch
> > > > Sent: Monday, February 06, 2006 1:03 PM
> > > > To: Imail_Forum@list.ipswitch.com
> > > > Subject: RE: [IMail Forum] Hard to block bad source
> > > >
> > > > Hi!
> > > >
> > > > What do you mean by:
> > > >
> > > > Why not block the port at the nic interface?
> > > >
> > > > Regards,
> > > > Steinar
> > > >
> > > > -----Original Message-----
> > > > From: [EMAIL PROTECTED]
> > > > [mailto:[EMAIL PROTECTED] On Behalf Of Richard Bowman
> > > > Sent: 6. februar 2006 20:32
> > > > To: Imail_Forum@list.ipswitch.com
> > > > Subject: RE: [IMail Forum] Hard to block bad source
> > > >
> > > > Why not block the port at the nic interface?
> > > >
> > > > Richard
> > > >
> > > > -----Original Message-----
> > > > From: [EMAIL PROTECTED]
> > > > [mailto:[EMAIL PROTECTED] On Behalf Of Tom
> > > > Sent: Monday, February 06, 2006 2:18 PM
> > > > To: IMail_Forum@list.ipswitch.com
> > > > Subject: [IMail Forum] Hard to block bad source
> > > >
> > > > Is there a way to block the trouble IP(s) automatically other than manually
> > > > entering into the iMail Admin's Control List?
> > > >
> > > > There are a few (invalid) addresses being targeted that we got log lines as
> > > > below. The source apparently changed its IP every time. Any suggestion?
> > > > > > > > Tom > > > > > > > > --- > > > > 20060202 010452 127.0.0.1 SMTPD > (cb34013000000c68) [LAN_IP] > > connect > > > > 84.190.104.64 port 1926 > > > > 20060202 010452 127.0.0.1 SMTPD (cb34013000000c68) > > [84.190.104.64] > > > > EHLO w0op48.eeuyo6oe.comcast.net > > > > 20060202 010453 127.0.0.1 SMTPD (cb34013000000c68) > > [84.190.104.64] > > > > MAIL FROM: <[EMAIL PROTECTED]> > > > > 20060202 010453 127.0.0.1 SMTPD (cb34013000000c68) > > [84.190.104.64] > > > > RCPT TO: <[EMAIL PROTECTED]> > > > > 20060202 010453 127.0.0.1 SMTPD (cb34013000000c68) > > [84.190.104.64] > > > ERR > > > > mail.neptunefoods.com invalid user <[EMAIL PROTECTED] > > > > 20060202 010453 127.0.0.1 SMTPD (cb34013000000c68) > > [84.190.104.64] > > > > RCPT TO: <[EMAIL PROTECTED]> > > > > 20060202 010453 127.0.0.1 SMTPD (cb34013000000c68) > > [84.190.104.64] > > > ERR > > > > mail.neptunefoods.com invalid user <[EMAIL PROTECTED] > > > > 20060202 010453 127.0.0.1 SMTPD (cb34013000000c68) > > [84.190.104.64] > > > Max > > > > Invalid RCPTs Exceeded > > > > 20060202 010457 127.0.0.1 SMTPD > (cb39015400000c69) [LAN_IP] > > connect > > > > LAN_IP port 1396 > > > > 20060202 010554 127.0.0.1 SMTPD > (cb72014e00000c6a) [LAN_IP] > > connect > > > > 84.190.104.64 port 2394 > > > > 20060202 010555 127.0.0.1 SMTPD (cb72014e00000c6a) > > [84.190.104.64] > > > > EHLO OLIVER > > > > 20060202 010559 127.0.0.1 SMTPD > (cb77014600000c6b) [LAN_IP] > > connect > > > > LAN_IP port 1404 > > > > 20060202 010559 127.0.0.1 SMTPD (cb72014e00000c6a) > > [84.190.104.64] > > > > MAIL FROM: <[EMAIL PROTECTED]> > > > > 20060202 010600 127.0.0.1 SMTPD (cb72014e00000c6a) > > [84.190.104.64] > > > > RCPT TO: <[EMAIL PROTECTED]> > > > > 20060202 010601 127.0.0.1 SMTPD (cb72014e00000c6a) > > [84.190.104.64] > > > > C:\IMail\spool\Dcb72014e00000c6a.SMD 2317 > > > > 20060202 010601 127.0.0.1 SMTPD > (cb72014e00000c6a) performing > > > antispam > > > > checks > > > > 20060202 010607 127.0.0.1 SMTPD > (cb72014e00000c6a) 
taking spf > > > action: > > > > XHEADER > > > > 20060202 010608 127.0.0.1 SMTPD (cb7f014e00000c6c) > > [84.190.104.64] > > > > MAIL FROM: <[EMAIL PROTECTED]> > > > > 20060202 010608 127.0.0.1 SMTPD (cb7f014e00000c6c) > > [84.190.104.64] > > > > RCPT TO: <[EMAIL PROTECTED]> > > > > 20060202 010608 127.0.0.1 SMTPD (cb7f014e00000c6c) > > [84.190.104.64] > > > ERR > > > > mail.neptunefoods.com invalid user <[EMAIL PROTECTED] > > > > 20060202 010608 127.0.0.1 SMTPD (cb7f014e00000c6c) > > [84.190.104.64] > > > > RCPT TO: <[EMAIL PROTECTED]> > > > > 20060202 010608 127.0.0.1 SMTPD (cb7f014e00000c6c) > > [84.190.104.64] > > > ERR > > > > mail.neptunefoods.com invalid user <[EMAIL PROTECTED] > > > > 20060202 010608 127.0.0.1 SMTPD (cb7f014e00000c6c) > > [84.190.104.64] > > > Max > > > > Invalid RCPTs Exceeded > > > > 20060202 010608 127.0.0.1 SMTPD > (cb80013000000c6d) [LAN_IP] > > connect > > > > 84.190.104.64 port 2508 > > > > 20060202 010609 127.0.0.1 SMTPD (cb80013000000c6d) > > [84.190.104.64] > > > > EHLO a7wgvfqz.uciiceai.cox.net > > > > 20060202 010609 127.0.0.1 SMTPD (cb80013000000c6d) > > [84.190.104.64] > > > > MAIL FROM: <[EMAIL PROTECTED]> > > > > 20060202 010609 127.0.0.1 SMTPD (cb80013000000c6d) > > [84.190.104.64] > > > > RCPT TO: <[EMAIL PROTECTED]> > > > > 20060202 010609 127.0.0.1 SMTPD (cb80013000000c6d) > > [84.190.104.64] > > > ERR > > > > mail.neptunefoods.com invalid user <[EMAIL PROTECTED] > > > > 20060202 010609 127.0.0.1 SMTPD (cb80013000000c6d) > > [84.190.104.64] > > > > RCPT TO: <[EMAIL PROTECTED]> > > > > 20060202 010609 127.0.0.1 SMTPD (cb80013000000c6d) > > [84.190.104.64] > > > ERR > > > > mail.neptunefoods.com invalid user <[EMAIL PROTECTED] > > > > 20060202 010609 127.0.0.1 SMTPD (cb80013000000c6d) > > [84.190.104.64] > > > Max > > > > Invalid RCPTs Exceeded > > > > 20060202 010619 127.0.0.1 SMTPD > (cb8b015400000c6e) [LAN_IP] > > connect > > > > 84.190.104.64 port 2572 > > > > 20060202 010619 127.0.0.1 SMTPD (cb8b015400000c6e) > > 
[84.190.104.64] > > > > EHLO e2s7i.heq4yb.aol.com > > > > 20060202 010620 127.0.0.1 SMTPD (cb8b015400000c6e) > > [84.190.104.64] > > > > unacceptable mail address in MAIL FROM: > <[EMAIL PROTECTED]> > > > > 20060202 010630 127.0.0.1 SMTPD > (cb96014600000c6f) [LAN_IP] > > connect > > > > 84.190.104.64 port 2673 > > > > 20060202 010630 127.0.0.1 SMTPD (cb96014600000c6f) > > [84.190.104.64] > > > > EHLO OLIVER > > > > 20060202 010630 127.0.0.1 SMTPD (cb96014600000c6f) > > [84.190.104.64] > > > > MAIL FROM: <[EMAIL PROTECTED]> > > > > 20060202 010631 127.0.0.1 SMTPD (cb96014600000c6f) > > [84.190.104.64] > > > > RCPT TO: <[EMAIL PROTECTED]> > > > > 20060202 010631 127.0.0.1 SMTPD (cb96014600000c6f) > > [84.190.104.64] > > > ERR > > > > mail.neptunefoods.com invalid user <[EMAIL PROTECTED] > > > > 20060202 010631 127.0.0.1 SMTPD (cb96014600000c6f) > > [84.190.104.64] > > > > RCPT TO: <[EMAIL PROTECTED]> > > > > 20060202 010631 127.0.0.1 SMTPD (cb96014600000c6f) > > [84.190.104.64] > > > ERR > > > > mail.neptunefoods.com invalid user <[EMAIL PROTECTED] > > > > 20060202 010631 127.0.0.1 SMTPD (cb96014600000c6f) > > [84.190.104.64] > > > Max > > > > Invalid RCPTs Exceeded > > > > 20060202 010641 127.0.0.1 SMTPD > (cba1014e00000c70) [LAN_IP] > > connect > > > > 84.190.104.64 port 2761 > > > > 20060202 010641 127.0.0.1 SMTPD (cba1014e00000c70) > > [84.190.104.64] > > > > EHLO OLIVER > > > > 20060202 010642 127.0.0.1 SMTPD (cba1014e00000c70) > > [84.190.104.64] > > > > MAIL FROM: <[EMAIL PROTECTED]> > > > > 20060202 010642 127.0.0.1 SMTPD (cba1014e00000c70) > > [84.190.104.64] > > > > RCPT TO: <[EMAIL PROTECTED]> > > > > 20060202 010642 127.0.0.1 SMTPD (cba1014e00000c70) > > [84.190.104.64] > > > ERR > > > > mail.neptunefoods.com invalid user <[EMAIL PROTECTED] > > > > 20060202 010642 127.0.0.1 SMTPD (cba1014e00000c70) > > [84.190.104.64] > > > > RCPT TO: <[EMAIL PROTECTED]> > > > > 20060202 010642 127.0.0.1 SMTPD (cba1014e00000c70) > > [84.190.104.64] > > > ERR > > > > 
mail.neptunefoods.com invalid user <[EMAIL PROTECTED] > > > > 20060202 010642 127.0.0.1 SMTPD (cba1014e00000c70) > > [84.190.104.64] > > > Max > > > > Invalid RCPTs Exceeded > > > > 20060202 010652 127.0.0.1 SMTPD > (cbac013000000c71) [LAN_IP] > > connect > > > > 84.190.104.64 port 2835 > > > > 20060202 010652 127.0.0.1 SMTPD (cbac013000000c71) > > [84.190.104.64] > > > > EHLO OLIVER.augv.net > > > > 20060202 010654 127.0.0.1 SMTPD (cbac013000000c71) > > [84.190.104.64] > > > > MAIL FROM: <[EMAIL PROTECTED]> > > > > 20060202 010655 127.0.0.1 SMTPD (cbac013000000c71) > > [84.190.104.64] > > > > RCPT TO: <[EMAIL PROTECTED]> > > > > 20060202 010655 127.0.0.1 SMTPD (cbac013000000c71) > > [84.190.104.64] > > > ERR > > > > mail.neptunefoods.com invalid user <[EMAIL PROTECTED] > > > > 20060202 010655 127.0.0.1 SMTPD (cbac013000000c71) > > [84.190.104.64] > > > > RCPT TO: <[EMAIL PROTECTED]> > > > > 20060202 010655 127.0.0.1 SMTPD (cbac013000000c71) > > [84.190.104.64] > > > ERR > > > > mail.neptunefoods.com invalid user <[EMAIL PROTECTED] > > > > 20060202 010655 127.0.0.1 SMTPD (cbac013000000c71) > > [84.190.104.64] > > > Max > > > > Invalid RCPTs Exceeded > > > > > > > > ________________________________________________________________ > > > > Sent via the WebMail system at neptunefoods.com > > > > > > > > To Unsubscribe: > http://www.ipswitch.com/support/mailing-lists.html > > > > List Archive: > > > > http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ > > > > Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ > > > > > > > > > > > > To Unsubscribe: > http://www.ipswitch.com/support/mailing-lists.html > > > > List Archive: > > > > http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ > > > > Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ > > > > Denne emailen er skannet og funnet fri for virus > > > > > > > > > > > > Denne emailen er skannet og funnet fri for virus > > > > > > > > To Unsubscribe: > 
http://www.ipswitch.com/support/mailing-lists.html > > > > List Archive: > > > > http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ > > > > Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ > > > > > > To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html > > > List Archive: > > > http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ > > > Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ > > > Denne emailen er skannet og funnet fri for virus > > > > > > > > > Denne emailen er skannet og funnet fri for virus > > > > > > To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html > > > List Archive: > > > http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ > > > Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ > > > > To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html > > List Archive: > > http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ > > Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ > > Denne emailen er skannet og funnet fri for virus > > > > > > Denne emailen er skannet og funnet fri for virus > > > > To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html > > List Archive: > > http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ > > Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ > > > > > > To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html > List Archive: > http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ > Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ > --- > [This E-mail scanned for viruses by Declude Virus] > > > > ________________________________________________________________ > Sent via the WebMail system at neptunefoods.com > To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html > List Archive: > http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ > Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ > To Unsubscribe: 
http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
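
An added example, not part of the original thread or of IMail/Declude: Tom's question about finding the trouble IPs automatically, and Kevin's point that the sources are many compromised PCs, can be checked against a log by counting `invalid user` rejections both per peer and per 10-minute window. The sample log (in the layout Tom posted), the thresholds and the `summarize` function are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the log layout Tom posted (date, time, host, service,
# session id, [peer], event). Peers are documentation-range addresses.
SAMPLE_LOG = """\
20060202 010452 127.0.0.1 SMTPD (aa01) [LAN_IP] connect 192.0.2.10 port 1926
20060202 010453 127.0.0.1 SMTPD (aa01) [192.0.2.10] ERR mail.example.test invalid user <a@example.test>
20060202 010453 127.0.0.1 SMTPD (aa01) [192.0.2.10] ERR mail.example.test invalid user <b@example.test>
20060202 010453 127.0.0.1 SMTPD (aa01) [192.0.2.10] Max Invalid RCPTs Exceeded
20060202 010508 127.0.0.1 SMTPD (aa02) [198.51.100.7] ERR mail.example.test invalid user <c@example.test>
20060202 010519 127.0.0.1 SMTPD (aa03) [203.0.113.99] ERR mail.example.test invalid user <d@example.test>
20060202 010530 127.0.0.1 SMTPD (aa04) [203.0.113.5] RCPT TO: <real@example.test>
20060202 011702 127.0.0.1 SMTPD (aa05) [198.51.100.80] ERR mail.example.test invalid user <e@example.test>
"""

LINE = re.compile(
    r"^(?P<day>\d{8}) (?P<hh>\d{2})(?P<mm>\d{2})\d{2} \S+ SMTPD "
    r"\(\w+\) \[(?P<peer>[\d.]+)\] (?P<event>.*)$"
)

def summarize(log_text, per_ip_limit=2, window_limit=3):
    """Return (noisy_ips, hot_windows) from 'invalid user' rejections.

    noisy_ips: peers with at least per_ip_limit rejections (blockable one by one).
    hot_windows: 10-minute buckets with at least window_limit rejections, mapped
    to (rejections, distinct peers); this signal survives source-IP rotation.
    """
    per_ip = Counter()
    windows = {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m or "invalid user" not in m.group("event"):
            continue  # skips connect lines ([LAN_IP]) and accepted traffic
        peer = m.group("peer")
        per_ip[peer] += 1
        bucket = f"{m.group('day')} {m.group('hh')}:{int(m.group('mm')) // 10}0"
        windows.setdefault(bucket, []).append(peer)
    noisy = sorted(ip for ip, n in per_ip.items() if n >= per_ip_limit)
    hot = {b: (len(p), len(set(p))) for b, p in windows.items()
           if len(p) >= window_limit}
    return noisy, hot

if __name__ == "__main__":
    noisy_ips, hot_windows = summarize(SAMPLE_LOG)
    print("per-IP candidates:", noisy_ips)
    print("windows under attack:", hot_windows)
```

On the sample, only one peer crosses the per-IP threshold while the window count shows four rejections from three different peers, which is why a per-address block list keeps falling behind this kind of traffic.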