We've running several webservers beside our imail server (v 7.15)
and from one of this servers a user has send a message from a
web-form width a mailfrom address like this:
Name Surname [EMAIL PROTECTED]
It's not the server's fault that you're not validating form input and
Name Surname [EMAIL PROTECTED]
It's not the server's fault that you're not validating form
input and allowing a broken SMTP envelope command, is it?
Imail's docu talks about extra long commands (512 bytes) and not about
malformed recipient addresses. The validation was for having at
06:27 20:51 SMTPD(098700D8) Possible hack attempt from 10.100.1.17,
address will be denied future connections until restart
nice tactic, huh?
I do have Auto-deny possible hack attempts turned on.
turn it off. move on
if 10.100.1.17 is one of your IPs, probably somebody or app screwed up
On Monday, June 30, 2003, 17:55:31, Kevin Stanford wrote:
K 06:27 20:51 SMTPD(098700D8) Possible hack attempt from 10.100.1.17, address
K will be denied future connections until restart
That's a private IP address.
Are you blocking 10/8 on your gateway router?
Is 10/something your inside LAN
This address is my Imail server
At 05:15 PM 6/30/2003, you wrote:
On Monday, June 30, 2003, 17:55:31, Kevin Stanford wrote:
K 06:27 20:51 SMTPD(098700D8) Possible hack attempt from 10.100.1.17, address
K will be denied future connections until restart
That's a private IP address.
Are you
This address is my Imail server
That a very good for Imail to stop accepting mail from!! :)
Len
_
http://MenAndMice.com/DNS-training: Seattle; Chicago; San Jose; Wash DC
IMGate.MEIway.com: anti-spam gateway, effective on
Sounds like an outside server is claiming to be you. Make sure your router
and/or firewall refuse remote connections from all internal IP ranges.
-Original Message-
From: Kevin Stanford
This address is my Imail server
At 05:15 PM 6/30/2003, you wrote:
On Monday, June 30, 2003,
It imposes a limit on the number of characters that are accepted in the SMTP
conversation (excluding DATA).
That's probably not the issue. Check Relay for IP Addresses and make sure
it's listed there. Also review your logs, as they should show you what the
problem is.
Mike
- Original
Does anyone know how Imail implements the auto-deny possible hack
attempts on the SMTP security?
Yes. You check the box that says Auto-deny possible hack attempts on the
SMTP Security tab.
We have an IP number that is being refused access to port 25 on our Imail
server.
This IP number was
Subject: Re: [IMail Forum] Auto-deny possible hack attempts
Does anyone know how Imail implements the auto-deny possible hack
attempts on the SMTP security?
Yes. You check the box that says Auto-deny possible hack attempts on
the
SMTP Security tab.
We have an IP number that is being refused
04, 2001 9:01 AM
To: [EMAIL PROTECTED]
Subject: Re: [IMail Forum] Auto-deny possible hack attempts
You could also do a telnet session to the mail server and see if any errors
are returned. Best thing though is to look in the log on your IMail server.
Eric S
- Original Message -
From: R
No one has yet mentioned the Control Access list (on the SMTP Security
tab). Check that too.
Dave
In reply to 4 Dec message from [EMAIL PROTECTED]:
Hello,
Does anyone know how Imail implements the auto-deny possible
hack attempts on the SMTP security? We have an IP number that is
being
Of Eric Shanbrom
Sent: Tuesday, December 04, 2001 9:01 AM
To: [EMAIL PROTECTED]
Subject: Re: [IMail Forum] Auto-deny possible hack attempts
You could also do a telnet session to the mail server and see if any
errors
are returned. Best thing though is to look in the log on your IMail
server.
Eric S
We have already tried to telnet to port 25 from that particular IP number.
We cannot connect. We have also looked at the logs and cannot find
anything. We've also checked the Relay for addresses. Our whole block of
IP addresses is listed. The Imail server seems to be blocking any
connection
Of Eric Shanbrom
Sent: Tuesday, December 04, 2001 9:01 AM
To: [EMAIL PROTECTED]
Subject: Re: [IMail Forum] Auto-deny possible hack attempts
You could also do a telnet session to the mail server and see if any
errors
are returned. Best thing though is to look in the log on your IMail
server.
Eric
04, 2001 10:41 AM
Subject: Re: [IMail Forum] Auto-deny possible hack attempts
No one has yet mentioned the Control Access list (on the SMTP Security
tab). Check that too.
Dave
In reply to 4 Dec message from [EMAIL PROTECTED]:
Hello,
Does anyone know how Imail implements the auto-deny
877-483-3393
||-Original Message-
||From: [EMAIL PROTECTED]
||[mailto:[EMAIL PROTECTED]]On Behalf Of David Setzer
||Sent: Tuesday, December 04, 2001 11:02 AM
||To: [EMAIL PROTECTED]
||Subject: Re: [IMail Forum] Auto-deny possible hack attempts
||
||
||This feature blocks a user's request
in the log on your IMail server.Eric S- Original
Message -From: "R. Scott Perry" [EMAIL PROTECTED]To:
[EMAIL PROTECTED]Sent: Tuesday, December 04, 2001
9:48 AMSubject: Re: [IMail Forum] Auto-deny possible hack
attempts Does anyone know how Imail implements
the
We have our own SMTP server. We also have our own class B network. We
maintain our mail, print, web, and file servers. As far as we know, we
have not blocked port 25. Other IP addresses in our block are able to
connect to port 25. We think that Imail has somehow blocked access to
port
PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of R. Scott Perry
Sent: Tuesday, December 04, 2001 12:27 PM
To: [EMAIL PROTECTED]
Subject: RE: [IMail Forum] Auto-deny possible hack attempts
We have our own SMTP server. We also have our own class B network. We
maintain our mail, print, web, and file
Is BlackIce or ZoneAlarm running on either the server or the
workstation?
Or maybe Win2k port blocking or Win2k IP filters?
There has to be something blocking.
-Original Message-
From: [EMAIL PROTECTED] [mailto:IMail_Forum-
The person in question is not on an ISP. That person is on
The person in question is not on an ISP. That person is on our network. It
is one of our IP addresses. We would like to unblock this IP address so
that it can be used. There is no ISP at all involved. This is all
happening on our network.
OK, then we have ruled out the most common problem.
: [IMail Forum] Auto-deny possible hack
attempts
Does anyone know how Imail implements the auto-deny possible hack
attempts on the SMTP security?
Yes. You check the box that says Auto-deny possible
hack attempts on
the
SMTP Security tab.
We have an IP number that is being refused access
We are able to connect to port 25 from other IP numbers in our block. It
looks to us like
Imail has blocked port 25 for this one IP number. Does anyone have any idea
how that could happen? We have also checked the Control Access list.
If it's not the Control Access list, then it's probably a
Have you tried re-booting the machine?
Eric S
- Original Message -
From: Martha Flugstad [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, December 04, 2001 11:41 AM
Subject: [IMail Forum] Auto-deny possible hack attempts
From the comments so far, it doesn't sound like the
[EMAIL PROTECTED] wrote:
This feature blocks a user's request if the IP address that they orginated
their Imail session from changes.
No, you're thinking of Ignore source address check for webmail. This is
different.
From release notes, auto-deny possible hack attempts functions like this:
to a decimal value of 25
- Original Message -
From: Martha Flugstad [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, December 04, 2001 10:39 AM
Subject: RE: [IMail Forum] Auto-deny possible hack attempts
We have already tried to telnet to port 25 from that particular IP number.
We
We have our own SMTP server. We also have our own class B network. We
maintain our mail, print, web, and file servers. As far as we know, we
have not blocked port 25. Other IP addresses in our block are able to
connect to port 25. We think that Imail has somehow blocked access to
port
In Control Access you will want to make sure that Granted Access is
selected rather than Denied Access. It may be good to toggle this
setting and then stop and restart the SMTP service. If it is IMail that
is refusing the connection then this is where I would look.
Dave
In reply to 4 Dec
Have you checked the NT advanced IP configuration to see if it's
blocked in there? Not likely, but a possibility.
Has it ever worked?
-- Original Message --
From: Martha Flugstad [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Date: Tue, 4 Dec 2001
30 matches
Mail list logo
