>Out of curiosity and unless this is a trade secret of "advanced scripting", >what is the number of invalid RCPT TO:s that you use as the threshold for >blacklisting?
One one IMail site where I admin the IMGate, I find the habitual dictionary attacker (and I do think it is one SOB, not random attackers) seems to attempt about 25 RCPT TO's per SMTP session, and then hangs up. So I figure 10, or even 5, "unknown users" is per SMTP session is sufficient to detect reliably that this ip is an attacker. Can you imagine a valid list server sending your Imail box 5 or 10 bad users in one SMTP session? not very realistically Len __________________________________________________________________ www.menandmice.com/DNS-training : DNS Training BIND8NT.MEIway.com : ISC BIND for NT4 & W2K IMGate.MEIway.com : Build free, hi-perf, anti-abuse mail gateways To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
