It seems that there's no easy solution to really block the problem source.
it's impossible.
a distributed attack from 100s or 1000s of IPs to your users is very
hard to block if only a few msgs come from each IP.
a distributed attack from 100s or 1000s of IPs to unknown users is
something the Imail is simply not good at. Imail is overwhelmed by
the attack.
Which is why many Imail admins export the Imail users to a separate
machine as MX that rejects unknown users.
(how did he do that? IP forging?) By looking at the IPs in the log
almost all of them were originated from Europe (especially from
Eastern Europe).
these are probably infected machines on subscriber access networks
running remote access robots controlled by criminals, RATware. There
is very probably no IP forging. They probably aren't attacking just
your MX, either.
Len
_____________________________________________________________________
http://IMGate.MEIway.com : free anti-spam gateway, runs on 1000's of sites
To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/