there is no solution within IMail at this time. What others have tried is some firewall products (Checkpoint for one I think) can block and IP based on errors it causes within a certain amount of time.
Eric S ----- Original Message ----- From: "Ted Beckwith" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, March 10, 2003 4:23 PM Subject: [IMail Forum] Another ip address to block - revisited > I was analizing our Imail logs to track down a separate problem, and I ran > across the log snippet below. Based on previous threads on this issue, it > appears as though this person is running through common email names to > verify users on the mail server. There are literally hundreds of examples > per day in our logs of similar queries, to hundreds of domains that we host, > from about 12 different IP addresses. > > I'm happy to block the offending IP addresses through the SMTP "Control > Access" button, but this seems like it's going to turn into a never-ending > upkeep. Several of the IP addresses came from dialup pools in foreign > countries. In order to block them for good, I would need to block entire > Class B subnets, thereby likely also blocking legitimate users and mail > servers on those subnets. > > Does anyone have a more realistic solution to this issue. All thoughts are > welcome. > > Thanks, > > Ted Beckwith > Easy CGI > ----------------------------------------------------------------------- > 03:10 00:33 SMTPD(027E029A) [216.150.152.46] connect 203.200.93.5 port 3847 > 03:10 00:33 SMTPD(027E029A) [203.200.93.5] HELO mail.nowhere.com > 03:10 00:33 SMTPD(027E029A) [203.200.93.5] MAIL From: <[EMAIL PROTECTED]> > 03:10 00:33 SMTPD(027E029A) [203.200.93.5] RCPT To:<[EMAIL PROTECTED]> > 03:10 00:33 SMTPD(027E029A) [203.200.93.5] ERR mail.easycgi.com invalid user > <[EMAIL PROTECTED] > 03:10 00:33 SMTPD(027E029A) [203.200.93.5] RCPT To:<[EMAIL PROTECTED]> > 03:10 00:33 SMTPD(027E029A) [203.200.93.5] ERR mail.easycgi.com invalid user > <[EMAIL PROTECTED] > 03:10 00:33 SMTPD(027E029A) [203.200.93.5] RCPT To:<[EMAIL PROTECTED]> > 03:10 00:33 SMTPD(027E029A) [203.200.93.5] ERR mail.easycgi.com invalid user > <[EMAIL PROTECTED] > 03:10 00:33 SMTPD(027E029A) [203.200.93.5] RCPT > To:<[EMAIL PROTECTED]> > 03:10 00:33 SMTPD(027E029A) [203.200.93.5] ERR mail.easycgi.com invalid user > <[EMAIL PROTECTED] > 03:10 00:33 SMTPD(027E029A) [203.200.93.5] RCPT To:<[EMAIL PROTECTED]> > 03:10 00:33 SMTPD(027E029A) [203.200.93.5] ERR mail.easycgi.com invalid user > <[EMAIL PROTECTED] > 03:10 00:33 SMTPD(027E029A) [203.200.93.5] RCPT To:<[EMAIL PROTECTED]> > 03:10 00:33 SMTPD(027E029A) [203.200.93.5] ERR mail.easycgi.com invalid user > <[EMAIL PROTECTED] > 03:10 00:33 SMTPD(027E029A) [203.200.93.5] RCPT To:<[EMAIL PROTECTED]> > 03:10 00:33 SMTPD(027E029A) [203.200.93.5] ERR mail.easycgi.com invalid user > <[EMAIL PROTECTED] > 03:10 00:33 SMTPD(027E029A) [203.200.93.5] RCPT To:<[EMAIL PROTECTED]> > 03:10 00:33 SMTPD(027E029A) [203.200.93.5] ERR mail.easycgi.com invalid user > <[EMAIL PROTECTED] > 03:10 00:33 SMTPD(027E029A) [203.200.93.5] RCPT To:<[EMAIL PROTECTED]> > 03:10 00:33 SMTPD(027E029A) [203.200.93.5] ERR mail.easycgi.com invalid user > <[EMAIL PROTECTED] > 03:10 00:33 SMTPD(027E029A) [203.200.93.5] RCPT To:<[EMAIL PROTECTED]> > 03:10 00:33 SMTPD(027E029A) [203.200.93.5] ERR mail.easycgi.com invalid user > <[EMAIL PROTECTED] > 03:10 00:33 SMTPD(027E029A) [203.200.93.5] RCPT To:<[EMAIL PROTECTED]> > 03:10 00:33 SMTPD(027E029A) [203.200.93.5] ERR mail.easycgi.com invalid user > <[EMAIL PROTECTED] > ----------------------------------------------------------------------- > ----------------------------------------------------------------------- > > ----- Original Message ----- > From: "Eric Parsons" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Tuesday, March 04, 2003 9:59 AM > Subject: [IMail Forum] Another ip address to block > > > > Have been getting these for the last 2 days all day long. It is a Road > > Runner Biz account. Blocked ip in smtp acc file. > > mail log went from 250k to 1.5meg > > Just a heads up Eric > > > > 03:04 00:16 SMTPD(01BD0130) [24.129.152.59] EHLO pbimail7.prodigy.net > > 03:04 00:16 SMTPD(01BD0130) [24.129.152.59] MAIL From: > <[EMAIL PROTECTED]> > > 03:04 00:16 SMTPD(01BD0130) [24.129.152.59] RCPT > > To:<[EMAIL PROTECTED]> > > 03:04 00:16 SMTPD(01BD0130) [24.129.152.59] ERR okaloosatax.com invalid > user > > <[EMAIL PROTECTED] > > 03:04 00:16 SMTPD(01BD0130) [24.129.152.59] RCPT To:<[EMAIL PROTECTED]> > > 03:04 00:16 SMTPD(01BD0130) [24.129.152.59] ERR okaloosatax.com invalid > user > > <[EMAIL PROTECTED] > > 03:04 00:16 SMTPD(01BD0130) [24.129.152.59] RCPT > > To:<[EMAIL PROTECTED]> > > 03:04 00:16 SMTPD(01BD0130) [24.129.152.59] ERR okaloosatax.com invalid > user > > <[EMAIL PROTECTED] > > 03:04 00:16 SMTPD(01BD0130) [24.129.152.59] RCPT > To:<[EMAIL PROTECTED]> > > 03:04 00:16 SMTPD(01BD0130) [24.129.152.59] ERR okaloosatax.com invalid > user > > <[EMAIL PROTECTED] > > 03:04 00:16 SMTPD(01BD0130) [24.129.152.59] RCPT To:<[EMAIL PROTECTED]> > > 03:04 00:16 SMTPD(01BD0130) [24.129.152.59] ERR okaloosatax.com invalid > user > > <[EMAIL PROTECTED] > > 03:04 00:16 SMTPD(01BD0130) [24.129.152.59] RCPT > To:<[EMAIL PROTECTED]> > > 03:04 00:16 SMTPD(01BD0130) [24.129.152.59] ERR okaloosatax.com invalid > user > > <[EMAIL PROTECTED] > > 03:04 00:16 SMTPD(01BD0130) [24.129.152.59] RCPT > To:<[EMAIL PROTECTED]> > > 03:04 00:16 SMTPD(01BD0130) [24.129.152.59] ERR okaloosatax.com invalid > user > > <[EMAIL PROTECTED] > > 03:04 00:49 SMTPD(01CD0130) [24.129.152.59] EHLO smtp-gw-4.msn.com > > 03:04 00:49 SMTPD(01CD0130) [24.129.152.59] MAIL From: <[EMAIL PROTECTED]> > > 03:04 00:49 SMTPD(01CD0130) [24.129.152.59] RCPT To:<[EMAIL PROTECTED]> > > 03:04 00:49 SMTPD(01CD0130) [24.129.152.59] ERR okaloosatax.com invalid > user > > <[EMAIL PROTECTED] > > 03:04 00:49 SMTPD(01CD0130) [24.129.152.59] RCPT > To:<[EMAIL PROTECTED]> > > 03:04 00:49 SMTPD(01CD0130) [24.129.152.59] ERR okaloosatax.com invalid > user > > <[EMAIL PROTECTED] > > 03:04 00:49 SMTPD(01CD0130) [24.129.152.59] RCPT To:<[EMAIL PROTECTED]> > > 03:04 00:49 SMTPD(01CD0130) [24.129.152.59] ERR okaloosatax.com invalid > user > > <[EMAIL PROTECTED] > > 03:04 00:49 SMTPD(01CD0130) [24.129.152.59] RCPT > > To:<[EMAIL PROTECTED]> > > 03:04 00:49 SMTPD(01CD0130) [24.129.152.59] ERR okaloosatax.com invalid > user > > <[EMAIL PROTECTED] > > > > > > To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html > > List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ > > Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ > > > > > To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html > List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ > Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ > To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
