Yeah, we've seen the same kind of attacks also.
If you don't have an IMGate box, the next best step is creating a 'nobody' alias as it
greatly discourages such behavior, when all
the requests then return "250 OK" response codes and the spammer can't tell which the
real accounts are. There seems to be one new
program out there that checks for this alias by first trying a randomly generated
address in the form [EMAIL PROTECTED] where w
= word character and d = digit.
There's a mailing list devoted to this type of SMTP abuse here:
http://www.kopower.com/mailman/listinfo/smtpabuse
I've asked IPSwitch more than once to include some protection against dictionary
attacks in Imail. They don't seem to consider it
important enough to do.
Mike
P.S. What they're trying to accomplish is to harvest a list of all your users for
future spam mailings to them.
----- Original Message -----
From: "dk" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, November 30, 2000 11:01 AM
Subject: [IMail Forum] server attack
> I have this ongoing problem where someone is running a program that does
> this:
>
> 11:29 03:48 SMTPD(07C30154) [63.17.249.128] RCPT To:<[EMAIL PROTECTED]>
> 11:29 03:48 SMTPD(07C30154) [63.17.249.128] ERR florida.com invalid user
> <[EMAIL PROTECTED]
Please visit http://www.ipswitch.com/support/mailing-lists.html
to be removed from this list.
An Archive of this list is available at:
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
