John, I think you misunderstood my suggestion. I was suggesting that you run MS SMTP as well as IMail/JunkMail on the gateway. Actually, I can tell you that running IMail/JunkMail as the actual gateway is a pretty bad idea at the moment. You really need some other product to do the address validation for the recipients on the gateway and drop the bad stuff before scanning it. You could be going along just fine for months and then all of a sudden get blasted out of nowhere with a distributed dictionary attack. I have found from researching the worst of the worst of these guys that his zombie network is so large that he doesn't hit you twice in the same day with the same IP, he uses an IP for about 30 seconds and then moves on to another one and continues (sometimes simultaneously). It is 100% impossible to block this guy with anything but address validation or some sort of real-time dictionary attack detection system. I would strongly recommend that on your gateway, you consider first how to do address validation and then piece together the rest. If this is just a single domain, you might chance it and have a backup strategy in place to switch to the primary server for scanning in the event that address validation is necessary. These attacks can create over 200,000 bogus messages a day. I also have a feeling that they aren't even dictionary attacks, I think that this one spammers is just so lazy and has so many machines available to him that he figures that he can spam 200,000 messages and only hit 2 real addresses and it will be worth his time, and his sociopathic nature will get the stimulation it needs. There is no good reason for doing what this guy does. Matt John Tolmachoff (Lists) wrote:
-- ===================================================== MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ ===================================================== |
- Re: [Declude.JunkMail] IPBYPASS and WHITELIST IP R. Scott Perry
- RE: [Declude.JunkMail] IPBYPASS and WHITELIST IP Colbeck, Andrew
- RE: [Declude.JunkMail] IPBYPASS and WHITELI... John Tolmachoff \(Lists\)
- Re: [Declude.JunkMail] IPBYPASS and WHI... Matt
- Re[2]: [Declude.JunkMail] IPBYPASS ... Sanford Whiteman
- [Declude.JunkMail] Test Action ... Kevin Bilbee
- Re: [Declude.JunkMail] Tes... R. Scott Perry
- RE: [Declude.JunkMail]... Kevin Bilbee
- RE: [Declude.JunkMail]... R. Scott Perry
- RE: [Declude.JunkMail] IPBYPASS and... John Tolmachoff \(Lists\)
- RE: [Declude.JunkMail] IPBYPASS... Matt
- RE: [Declude.JunkMail] IPB... John Tolmachoff \(Lists\)
- Re[2]: [Declude.JunkMail] ... Sanford Whiteman
- RE: Re[2]: [Declude.Ju... John Tolmachoff \(Lists\)
- Re: [Declude.JunkMail]... Matt
- Re[2]: [Declude.JunkMa... Sanford Whiteman
- RE: [Declude.JunkMail] IPBYPASS and WHITELIST IP Colbeck, Andrew