Re[5]: [IMail Forum] what a pain!

Wed, 22 Jan 2003 11:37:50 -0800 



Um, Len? "Such behavior" as 100 users sending from behind the same NAT
router  is  not  legit?




nope. They're effectively equivalent to DUL.  Their mail clients should be 
sending to their org's SMTP gateway where their highly qualified and 
professional mail admin would be able to track their behavior in the SMTP 
logs.  Their org's firewall people should block outbound port 25 access 
just like ISP's do.



They should not be sending to Internet MX's.



So, let's say they do send, are forced to send their mail to the org's SMTP 
gateway.   It's statistically infinitesimal when an single ip has 
legitimately to open 100 simultaneous connects to public MX.  Such behavior 
is self-incriminating.



Here's the STMPD connections stats to an IMGate box protecting 5000 
mailboxes, from 00:00 to 14:00 hours Tuesday:



Host/Domain Summary: Messages Received (top 30)

 msg cnt   bytes   host/domain

 -------- -------  -----------

    525    43163k  aol.com

    517     5896k  returns.groups.yahoo.com

    319     6052k  yahoo.com

    305     8430k  hotmail.com

    166     1758k  from=<>

    153     8088k  columbus.rr.com

    133     2367k  ebay.com

    127      970k  lyris.depoconnect.com

    118   442435   rootsweb.com

    115     2974k  newsletter.online.com

    108      536k  newmailbox.com

     99   473134   js615.com

     98     4148k  msn.com

     87     2130k  vds.com

     83     3988k  unsubscribe.myfamily.com

     83   408481   midrange.com

     82   296783   list.ipswitch.com

     78   341456   marketwatchmail.com

     71     1377k  earthlink.net

     68     2385k  juno.com

     66   322208   untinc.com

     63     1398k  ochsendorf.com

     61   169883   crochetpartners.org

     59      943k  ms1.lga2.nytimes.com

     59      555k  clearance.overstock.com

     58      805k  compuserve.com

     57   298678   4funnytaf.com



So all of  aol's connections of 500/14 hours = less that one 
connection/minute.



So how do you get from that to 100 simultaneous connections ever being legit?



or even 100 connections/hour?



can't get there from here.  :))




Hmm...that's  happening at thousands of legit
sites as we speak...



no, it isn't.




guess we should shut 'em down, then. :)




yep, don't even blink, Just Do It.



All sending from behind their NATs to one MX SIMULTANEOUSLY, is 
certainly  not legit. And they are DUL, they should not be sending to MX's 
but to their org's SMTP server.




Methinks  you're not answering Scott's question as presented.



Who care's what the question was, when one has all the answers??  :))

Len


To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/






























					Reply via email to