|
3000 from one IP? They only get blocked when
they pass the number you have set in a single connection and stay blocked for
the amount of time configured. What are your dictionary attack
settings?
Tripp
----- Original Message -----
Sent: Saturday, May 13, 2006 7:27
PM
Subject: Re: [IMail Forum] invalid user
ip?
and so should be blocked but if I get over 3000
of them then it isn't being blocked.
Tripp Allen wrote:
When something connects to your STMP server and
does a rcpt to: an invalid user, this is reported in the log analyzer as an
invalid user from IP X.X.X.X
Tripp
-----
Original Message -----
Sent:
Saturday, May 13, 2006 4:52 PM
Subject:
Re: [IMail Forum] invalid user ip?
Thanks, Darrell,
I'm wondering if this
has anything to do with Imail's new tarpitting
feature?
Bill
Darrell ([EMAIL PROTECTED])
wrote:
I'm not sure exactly what your looking to
do with Analyze, but if its just harvesting invalid user ip addresses
than take a look at a utility we have (free).
IPHarvest
Reads Imail log files (sys or log) and extracts out the ip
addresses of the remote mail servers that attempt to send mail to
non-existent users. It will display to the console the ip addresses and
number of error messages per ip. It will also generate a text file with
the ip addresses without the number of hits against that ip
address.
I know it works on 8.22 and below.
Not sure on 2006 since I have not tried it yet.
Darrell
------------------------------------------------------------------------ Check
out http://www.invariantsystems.com
for utilities for Declude And Imail. IMail/Declude Overflow Queue
Monitoring, SURBL/URI integration, MRTG Integration, and Log
Parsers.
-----
Original Message -----
Sent:
Friday, May 12, 2006 9:59 AM
Subject:
[IMail Forum] invalid user ip?
I ran Analyze on my logs for smtp errors
and it came up with a bunch of invalid user
IP's?
|
- Re: [IMail Forum] invalid user ip? Tripp Allen
-
