>For that reason I keep an eye on what comes in, by routing it to a
>sub-mailbox instead of NUL.
hmmm, as I mentioned earlier in this thread, the nobody mailbox, not
sent to NUL, will end up with 1000's of msgs, 1000+ per hour, could
mean a disk full in short order, DoS-sing the entire mail server.
>Also, when a chickenboner decides that they've found thousands of
>accounts on my system, I can then file a mailbomb report with the
>upstream ISP's security contacts
Probably not. You had better assume that even if you can find someone
to alert, that they couldn't give a damn about your mail server being attacked.
>that is more likely to get action, instead of a spam report.
I doubt it. A better tactic would report the ip block to MAPS and
try to get it listed. That way, those of us who use MAPS blackholes
might get a little less hassle.
The best defense against DoS attacks is to have an upstream bastion
mail host, a separate machine, take the attack, rejecting the msgs,
not eating them, and take the DoS rather than the expect the machine
that holds your clients' mailboxes and mails services do it.
Len
http://BIND8NT.MEIway.com : ISC BIND 8.2.2 p5 & 8.2.3 T6B for NT4 & W2K
http://IMGate.MEIway.com : Build free, hi-perf, anti-spam mail gateways
Please visit http://www.ipswitch.com/support/mailing-lists.html
to be removed from this list.
An Archive of this list is available at:
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
