I would remove those internal IP classes from the allow addresses and force
your internal network to authenticate to send mail. Since you do not have
dialups, you have no reason to put anything in the allow. That should for
now close your hole until you can set your router up to filter those
classes.
Kevin Bevington
----------------------------------------------------------------------------
---------------
AAA Internet, LLC Website http://www.aaainet.net
8070 Presidents Drive Suite B Information [EMAIL PROTECTED]
Orlando, FL 32809 Sales [EMAIL PROTECTED]
(407) 438-4113 Technical Support [EMAIL PROTECTED]
(800) 480-5667
fax (407) 438-5931
----- Original Message -----
From: "Scott Bishop" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, February 22, 2000 8:06 PM
Subject: RE: [IMail Forum] I am getting killed by spammers relaying onmy
servers.
> Yeah, I have that set up now.
>
> I have 2 class c's. For example 192.168.172.0 with 255.255.255.0 as the
> subnet and 192.168.173.0 and a 255.255.255.0 subnet. Now this is setup in
> Mail relay Options/Relay Mail for (addresses). And these are considerered
> local addresses for mail gatewaying.
>
> Yes, I have verified through the imail log that is indeed still being
> spoofed somehow from the outside. MAkin imail think it is internal. So my
> imail server doesnt even make them authenticate. It just sends without
> asking. What I have done so far to stop it, is block the IP's thats its
> coming from in (Control Access) But then the next night, I get more spam
> from MY VIRTUAL HOST (from other mail servers). There are 3 users on my
> virtual host, me, my wife, and my partner, and I know they arent doing it.
> nor is my wife in .jp making those atttempts.. :)
>
> It's like I'm on some list saying this ISP is using IMAIL, and hey, thats
> easy to hack lets get this guy for while.
>
> I dont get it.
>
> And yes, I see weirded out froms like this.
>
> RCPT TO:<@mail.redrosecookies.com:[EMAIL PROTECTED]>
>
> That paticular one failed. But the ones that have succeeded going through
> were very similiar.
>
>
> Plus I am a web hosting company, so I have to make my customer AUTH
anyway.
> They dont dial up into me.
>
>
>
>
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Len Conrad
> Sent: Tuesday, February 22, 2000 6:51 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [IMail Forum] I am getting killed by spammers relaying onmy
> servers.
>
>
> Scott,
>
> Switch to "relay for addresses" and put in there all your Class C or
> subnets. That should stop the relaying, if it's really relaying.
>
> Have you verified in the Imail log that the relaying is happening vs
> somebody in your user base originating the spam?
>
> You have a choice: continue your unsuccessful approaches and get
blackhole
> pissing you and all your users off, or go to "relay for addresses", have
> users complain because they have to use SMTP AUTH when calling in not on
> your ip's, but keep your self out of the blackhole.
>
> Len
>
> ==========
>
> >I have several options selected
> >
> >
> >smtp security
> >relay mail for internal addresses only (on my network)
> >allow remote mail to local groups is checked.
> >check valid sender is checked
> >aut deny possible hack attempts is checked.
> >disable smtp vrfy command is checked.
> >
> >people are still able to relay mail from my server without
authenticating.
> >Im about 1 day away from my UPPER ISP providor filtering mail to my
servers
> >cause I cant stop the spam! I have even denied access to the offenders
> >causing the spam, and emailed the proper authorites. But new spam servers
> >pop up everyday relaying through my secured smtp server (secured hah)
> >
> >
> >Ive been at this for 5 days. Can I get any suggestions??
> >
> >
> >
> >
> >Please visit http://www.ipswitch.com/support/mailing-lists.html
> >to be removed from this list.
>
> Please visit http://www.ipswitch.com/support/mailing-lists.html
> to be removed from this list.
>
> Please visit http://www.ipswitch.com/support/mailing-lists.html
> to be removed from this list.
>
Please visit http://www.ipswitch.com/support/mailing-lists.html
to be removed from this list.
