>> From: tnichols=20 >> you can turn on the SMTP dictionary attack settings. (on the SMTP service page) This will automatically block IP after a certain number of invalid users sent to. <<
Careful with the "auto-blocking" feature of IMail - because it has a serious flaw (it's been on their to-do). Basically, if you specify that certain IP addresses should automatically be blocked for xx minutes and then be reset, then you'll eventually end up with these temporary blocks becoming PERMANENT. Some of them are likely going to be big providers and you'll end up with a blacklist of your most active SMTP partners! The problem occurs when the Imail server has to be restarted (I don't know if it's just the service or the entire hardware). Basically it LOSES the "time to expire" information that apparently is kept someplace transient - as a result, any IP address that supposedly was temporarily blocked will never be removed! Worst, if people are having trouble reaching your server and you think, oh, let me restart that will "reset" everything. WRONG! BAD! Just the opposite happens. Restarting actually will just aggravate the problem my making even more temporary blocks permanent! The other big flaw is, that you should be able to "whitelist" any SMTP AUTH connections from the auto-block mechanisms. It's not that unusual that one of our clients is trying to send email to a co-workers and because of a new email software, new employee, new PC etc they misspell the address -- or because an ex-employee is on someone's "list" and they do a "reply all". After a few emails, their gateway/router is BLOCKED! Now, these emails end up sitting in the "outbox" and Outlook will keep retrying every few minutes - and this client will only be able to send a few mails every half hour until he's blocked again and switch providers because "your mail is so slow!". Clearly, if we have an SMTP AUTH user, we don't expect that person to need to conduct Dictionary Attacks and if they do, it's easy to address the problem, simply by disabling that user (e.g., password change). IPswitch's argument is, that SMTP AUTH could be broken into and be used for SPAM. Sure, that's true, but has nothing to do with Auto-Blocking. If an SMTP AUTH user start dictionary attacks against Hotmail, AOL, YAHOO and the like through MY server, then IMail's auto-block won't take, because all those email addresses are THIRD PARTY addresses where IMail doesn't detect invalid addresses! Best Regards, Andy Schmidt To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
