>How can I stop peolple from doing this?????
As was pointed out, on IMail, blackhole that ip block. This traffic still
gets to you IMail machine and takes Imail resources to handle, but it works.
With IMGate out front of Imail, the blackholing of the ip address, or other
tactic, is done by IMGate and Imail sees nothing, your users are unaffected.
Another IMGate tactice would to to have a list of your users on IMGate so
IMGate could decide itself if the recipient was known.
IMGate can also stop all sessions with do "unauthorized SMTP command
pipelining", I�ve seen this stop 6000 msgs/hour in one attack.
Also, you can reduce the DoS effects on IMGate by lowering its tarpitting
values, so that IMGate, after x errors per session, will start delaying its
response by 20 or 30 seconds, effectively DoSsing the attacker by tying up
his SMTP processing long timeouts.
Of course, if you had access to your router, you block that ib block at the
router.
So what did you do and did it work?
Len
http://MenAndMice.com/DNS-training
http://BIND8NT.MEIway.com : ISC BIND 8.2.4 for NT4 & W2K
http://IMGate.MEIway.com : Build free, hi-perf, anti-abuse mail gateways
Please visit http://www.ipswitch.com/support/mailing-lists.html
to be removed from this list.
An Archive of this list is available at:
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
