One problem we've recently had is that a mail server we were trying to send messages to would die intermittently. Came to discover there were filters on their router that, when a certain "incident" happened, blocked everything from that computer IP for 4 hours. Maybe this is something you'd like to look into.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Markus Gufler
Sent: Friday, February 06, 2004 7:10 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] How do they do it?

I have no practical solution, but you would need something that parses your SMTP logfile in real time (like unixtool's tail or the new baretail) and tracks occurrences of "invalid user" messages. If there are more than X connection attempts from one single IP in Y minutes causing an invalid user log entry, this IP (or at least port 25 from this IP) should be blocked immediately for Z minutes.

Blocking the IP in Imail is problematic because you have to restart the service every time the IP-list is updated. I don't know if some SW firewalls like BlackIce or ZoneAlarm allow external updates for IP-filter tables. Maybe there is also some HW appliance that can do this.

Filtering by IP in Declude JunkMail is too late because this will not block the connection attempts.

Are you sure these joe jobs are the real reason why the amount of spam seems to increase after you transfer the domain to your own server? What registrar do you use? There was an interesting argument on this list some days ago about certain registrars that seem to be here specially for spammers. Or are you inserting your clients email address in the whois information after during transfer?

Markus

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joe Wolf
> Sent: Saturday, February 07, 2004 12:39 AM
> To: [EMAIL PROTECTED]
> Subject: Re: [Declude.JunkMail] How do they do it?
>
> I called the Black Ice tech support people today and discussed this issue. They told me that Black Ice will not stop a dictionary attack that is in progress, but it would shut the spammer down for a second attempt.
>
> He also had major concerns about backup mail spoolers. He said that you have to whitelist your backup spoolers and that will still allow the spammer to run their dictionary attacks.
>
> He didn't think Black Ice was a good product for such use. He seemed like he knew what he was talking about.
>
> -Joe
>
> ----- Original Message -----
> From: "Jeff Kratka" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Friday, February 06, 2004 5:17 PM
> Subject: RE: [Declude.JunkMail] How do they do it?
>
> > Are there other suggestions for firewall software for the server? Does ZoneAlarm have a server version, and if so does it work as well as Black Ice?
> >
> > Jeff Kratka
> >
> > *****************************************************
> > TymeWyse Internet
> > P.O.Box 84 - 110 Ecklund St., Canyonville, OR 97417
> > tel/fax: (541) 839-6027 - [EMAIL PROTECTED]
> > *****************************************************
> >
> > ---
> > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
> >
> > ---
> > This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
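
The log-watching rule Markus describes in the quoted message (more than X "invalid user" entries from one IP in Y minutes, then a block for Z minutes), with the backup-spooler whitelist Joe mentions, as an added example that is not part of the original thread. The log line format, the names `InvalidUserTracker` and `scan`, and the sample addresses are constructed assumptions, not IMail's real log format; the code only reports which IP to block and until when, since the thread leaves open how the firewall itself would be updated.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
# Assumed log format (constructed, not IMail's real one):
#   2004-02-06 19:10:01 203.0.113.7 invalid user aaron@example.com
LINE_RE = re.compile(r"^(\S+ \S+) (\S+) invalid user\b")

class InvalidUserTracker:
    """Block an IP for Z minutes after more than X invalid-user entries in Y minutes."""
    def __init__(self, x_attempts, y_minutes, z_minutes, whitelist=()):
        self.x = x_attempts
        self.window = timedelta(minutes=y_minutes)
        self.block_for = timedelta(minutes=z_minutes)
        self.whitelist = set(whitelist)   # e.g. backup mail spoolers
        self.hits = defaultdict(deque)    # ip -> timestamps still inside the window
        self.blocked_until = {}           # ip -> time the block expires

    def is_blocked(self, ip, now):
        until = self.blocked_until.get(ip)
        if until is not None and now >= until:
            del self.blocked_until[ip]    # Z minutes are over
            return False
        return until is not None

    def feed(self, line):
        """Return (ip, blocked_until) when this line starts a new block, else None."""
        m = LINE_RE.match(line)
        if not m:
            return None                   # not an invalid-user entry
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        ip = m.group(2)
        if ip in self.whitelist or self.is_blocked(ip, ts):
            return None
        q = self.hits[ip]
        q.append(ts)
        while ts - q[0] > self.window:    # forget entries older than Y minutes
            q.popleft()
        if len(q) <= self.x:              # rule is "more than X"
            return None
        q.clear()
        self.blocked_until[ip] = ts + self.block_for
        return ip, self.blocked_until[ip]

def scan(lines, tracker):                 # lines may come from a tail-style follower
    return [hit for hit in map(tracker.feed, lines) if hit]

# Constructed sample: one IP guessing recipients (seconds 1,2,4,5,6), one unrelated typo (3).
SAMPLE_LOG = [f"2004-02-06 19:10:0{s} {ip} invalid user u{s}@example.com"
              for s, ip in enumerate(["203.0.113.7"] * 2 + ["198.51.100.9"] + ["203.0.113.7"] * 3, 1)]
```

With X=3, Y=5 and Z=60 the sample yields one block, started by the fourth entry from the guessing address; the single mistyped recipient from the other address never reaches the threshold.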