He's getting 'attacked' on port 25. You block port 25, and you block all SMTP. At that point, you might as well as just turn the box off because it's no longer functional as a mail server.
-Jay -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Richard Bowman Sent: Monday, February 06, 2006 4:58 PM To: Imail_Forum@list.ipswitch.com Subject: RE: [IMail Forum] Hard to block bad source My understanding was he was experiencing the attack on his local port... -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John T (Lists) Sent: Monday, February 06, 2006 4:40 PM To: Imail_Forum@list.ipswitch.com Subject: RE: [IMail Forum] Hard to block bad source He does not know what he means. John T eServices For You "Seek, and ye shall find!" > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:Imail_Forum- > [EMAIL PROTECTED] On Behalf Of Steinar Rasch > Sent: Monday, February 06, 2006 1:03 PM > To: Imail_Forum@list.ipswitch.com > Subject: RE: [IMail Forum] Hard to block bad source > > Hi! > > What do you mean by: > > Why not block the port at the nic interface? > > Regards, > Steinar > > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Richard Bowman > Sent: 6. februar 2006 20:32 > To: Imail_Forum@list.ipswitch.com > Subject: RE: [IMail Forum] Hard to block bad source > > Why not block the port at the nic interface? > > Richard > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Tom > Sent: Monday, February 06, 2006 2:18 PM > To: IMail_Forum@list.ipswitch.com > Subject: [IMail Forum] Hard to block bad source > > > Is there a way to block the trouble IP(s) automatically other than manually > entering into the iMail Admin's Control List? > > There are a few (invalid) addresses being targeted that we got log lines as > below. The source apparently changed its IP every time. Any suggestion? > > Tom > > --- > 20060202 010452 127.0.0.1 SMTPD (cb34013000000c68) [LAN_IP] connect > 84.190.104.64 port 1926 > 20060202 010452 127.0.0.1 SMTPD (cb34013000000c68) [84.190.104.64] > EHLO w0op48.eeuyo6oe.comcast.net > 20060202 010453 127.0.0.1 SMTPD (cb34013000000c68) [84.190.104.64] > MAIL FROM: <[EMAIL PROTECTED]> > 20060202 010453 127.0.0.1 SMTPD (cb34013000000c68) [84.190.104.64] > RCPT TO: <[EMAIL PROTECTED]> > 20060202 010453 127.0.0.1 SMTPD (cb34013000000c68) [84.190.104.64] ERR > mail.neptunefoods.com invalid user <[EMAIL PROTECTED] > 20060202 010453 127.0.0.1 SMTPD (cb34013000000c68) [84.190.104.64] > RCPT TO: <[EMAIL PROTECTED]> > 20060202 010453 127.0.0.1 SMTPD (cb34013000000c68) [84.190.104.64] ERR > mail.neptunefoods.com invalid user <[EMAIL PROTECTED] > 20060202 010453 127.0.0.1 SMTPD (cb34013000000c68) [84.190.104.64] Max > Invalid RCPTs Exceeded > 20060202 010457 127.0.0.1 SMTPD (cb39015400000c69) [LAN_IP] connect > LAN_IP port 1396 > 20060202 010554 127.0.0.1 SMTPD (cb72014e00000c6a) [LAN_IP] connect > 84.190.104.64 port 2394 > 20060202 010555 127.0.0.1 SMTPD (cb72014e00000c6a) [84.190.104.64] > EHLO OLIVER > 20060202 010559 127.0.0.1 SMTPD (cb77014600000c6b) [LAN_IP] connect > LAN_IP port 1404 > 20060202 010559 127.0.0.1 SMTPD (cb72014e00000c6a) [84.190.104.64] > MAIL FROM: <[EMAIL PROTECTED]> > 20060202 010600 127.0.0.1 SMTPD (cb72014e00000c6a) [84.190.104.64] > RCPT TO: <[EMAIL PROTECTED]> > 20060202 010601 127.0.0.1 SMTPD (cb72014e00000c6a) [84.190.104.64] > C:\IMail\spool\Dcb72014e00000c6a.SMD 2317 > 20060202 010601 127.0.0.1 SMTPD (cb72014e00000c6a) performing antispam > checks > 20060202 010607 127.0.0.1 SMTPD (cb72014e00000c6a) taking spf action: > XHEADER > 20060202 010608 127.0.0.1 SMTPD (cb7f014e00000c6c) [84.190.104.64] > MAIL FROM: <[EMAIL PROTECTED]> > 20060202 010608 127.0.0.1 SMTPD (cb7f014e00000c6c) [84.190.104.64] > RCPT TO: <[EMAIL PROTECTED]> > 20060202 010608 127.0.0.1 SMTPD (cb7f014e00000c6c) [84.190.104.64] ERR > mail.neptunefoods.com invalid user <[EMAIL PROTECTED] > 20060202 010608 127.0.0.1 SMTPD (cb7f014e00000c6c) [84.190.104.64] > RCPT TO: <[EMAIL PROTECTED]> > 20060202 010608 127.0.0.1 SMTPD (cb7f014e00000c6c) [84.190.104.64] ERR > mail.neptunefoods.com invalid user <[EMAIL PROTECTED] > 20060202 010608 127.0.0.1 SMTPD (cb7f014e00000c6c) [84.190.104.64] Max > Invalid RCPTs Exceeded > 20060202 010608 127.0.0.1 SMTPD (cb80013000000c6d) [LAN_IP] connect > 84.190.104.64 port 2508 > 20060202 010609 127.0.0.1 SMTPD (cb80013000000c6d) [84.190.104.64] > EHLO a7wgvfqz.uciiceai.cox.net > 20060202 010609 127.0.0.1 SMTPD (cb80013000000c6d) [84.190.104.64] > MAIL FROM: <[EMAIL PROTECTED]> > 20060202 010609 127.0.0.1 SMTPD (cb80013000000c6d) [84.190.104.64] > RCPT TO: <[EMAIL PROTECTED]> > 20060202 010609 127.0.0.1 SMTPD (cb80013000000c6d) [84.190.104.64] ERR > mail.neptunefoods.com invalid user <[EMAIL PROTECTED] > 20060202 010609 127.0.0.1 SMTPD (cb80013000000c6d) [84.190.104.64] > RCPT TO: <[EMAIL PROTECTED]> > 20060202 010609 127.0.0.1 SMTPD (cb80013000000c6d) [84.190.104.64] ERR > mail.neptunefoods.com invalid user <[EMAIL PROTECTED] > 20060202 010609 127.0.0.1 SMTPD (cb80013000000c6d) [84.190.104.64] Max > Invalid RCPTs Exceeded > 20060202 010619 127.0.0.1 SMTPD (cb8b015400000c6e) [LAN_IP] connect > 84.190.104.64 port 2572 > 20060202 010619 127.0.0.1 SMTPD (cb8b015400000c6e) [84.190.104.64] > EHLO e2s7i.heq4yb.aol.com > 20060202 010620 127.0.0.1 SMTPD (cb8b015400000c6e) [84.190.104.64] > unacceptable mail address in MAIL FROM: <[EMAIL PROTECTED]> > 20060202 010630 127.0.0.1 SMTPD (cb96014600000c6f) [LAN_IP] connect > 84.190.104.64 port 2673 > 20060202 010630 127.0.0.1 SMTPD (cb96014600000c6f) [84.190.104.64] > EHLO OLIVER > 20060202 010630 127.0.0.1 SMTPD (cb96014600000c6f) [84.190.104.64] > MAIL FROM: <[EMAIL PROTECTED]> > 20060202 010631 127.0.0.1 SMTPD (cb96014600000c6f) [84.190.104.64] > RCPT TO: <[EMAIL PROTECTED]> > 20060202 010631 127.0.0.1 SMTPD (cb96014600000c6f) [84.190.104.64] ERR > mail.neptunefoods.com invalid user <[EMAIL PROTECTED] > 20060202 010631 127.0.0.1 SMTPD (cb96014600000c6f) [84.190.104.64] > RCPT TO: <[EMAIL PROTECTED]> > 20060202 010631 127.0.0.1 SMTPD (cb96014600000c6f) [84.190.104.64] ERR > mail.neptunefoods.com invalid user <[EMAIL PROTECTED] > 20060202 010631 127.0.0.1 SMTPD (cb96014600000c6f) [84.190.104.64] Max > Invalid RCPTs Exceeded > 20060202 010641 127.0.0.1 SMTPD (cba1014e00000c70) [LAN_IP] connect > 84.190.104.64 port 2761 > 20060202 010641 127.0.0.1 SMTPD (cba1014e00000c70) [84.190.104.64] > EHLO OLIVER > 20060202 010642 127.0.0.1 SMTPD (cba1014e00000c70) [84.190.104.64] > MAIL FROM: <[EMAIL PROTECTED]> > 20060202 010642 127.0.0.1 SMTPD (cba1014e00000c70) [84.190.104.64] > RCPT TO: <[EMAIL PROTECTED]> > 20060202 010642 127.0.0.1 SMTPD (cba1014e00000c70) [84.190.104.64] ERR > mail.neptunefoods.com invalid user <[EMAIL PROTECTED] > 20060202 010642 127.0.0.1 SMTPD (cba1014e00000c70) [84.190.104.64] > RCPT TO: <[EMAIL PROTECTED]> > 20060202 010642 127.0.0.1 SMTPD (cba1014e00000c70) [84.190.104.64] ERR > mail.neptunefoods.com invalid user <[EMAIL PROTECTED] > 20060202 010642 127.0.0.1 SMTPD (cba1014e00000c70) [84.190.104.64] Max > Invalid RCPTs Exceeded > 20060202 010652 127.0.0.1 SMTPD (cbac013000000c71) [LAN_IP] connect > 84.190.104.64 port 2835 > 20060202 010652 127.0.0.1 SMTPD (cbac013000000c71) [84.190.104.64] > EHLO OLIVER.augv.net > 20060202 010654 127.0.0.1 SMTPD (cbac013000000c71) [84.190.104.64] > MAIL FROM: <[EMAIL PROTECTED]> > 20060202 010655 127.0.0.1 SMTPD (cbac013000000c71) [84.190.104.64] > RCPT TO: <[EMAIL PROTECTED]> > 20060202 010655 127.0.0.1 SMTPD (cbac013000000c71) [84.190.104.64] ERR > mail.neptunefoods.com invalid user <[EMAIL PROTECTED] > 20060202 010655 127.0.0.1 SMTPD (cbac013000000c71) [84.190.104.64] > RCPT TO: <[EMAIL PROTECTED]> > 20060202 010655 127.0.0.1 SMTPD (cbac013000000c71) [84.190.104.64] ERR > mail.neptunefoods.com invalid user <[EMAIL PROTECTED] > 20060202 010655 127.0.0.1 SMTPD (cbac013000000c71) [84.190.104.64] Max > Invalid RCPTs Exceeded > > ________________________________________________________________ > Sent via the WebMail system at neptunefoods.com > > To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html > List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ > Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ > > > To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html > List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ > Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ > Denne emailen er skannet og funnet fri for virus > > > Denne emailen er skannet og funnet fri for virus > > To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html > List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ > Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/