You should block the IP's in the Access Control portion of your SMTP Security settings...The kill list is for blocking addresses that appear in the SMTP envelope FROM field..
While there is nothing in IMail that can handle these types of attacks I have heard some firewalls can do something about them...Black Ice (server edition) is said to be capable of doing the following: If X ip address causes Y number of errors in Z amount of time then block X for A number of minutes. IF this is so can someone who has this configured please post this part of the setup. We get asked numerous times about it and I for one would like to have an answer for those that ask. Thnx Eric S ----- Original Message ----- From: "Darin Cox" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Saturday, August 07, 2004 3:24 PM Subject: Re: [IMail Forum] Spam Attack (I think) > Though this is true in almost all cases, there is one exception. If the > attack is coming from a static IP that does not deliver any legit mail to > your server, you can block the sending IP via the kill list in IMail. > > Most attacks come from distributed dynamic addresses, for which this kind of > blocking is not possible, but I thought it was worth pointing out. > > Obviously you'll want to make sure you don't have a nobody alias for the > domain. > > There are other solutions that Len, Sandy, and others might want to comment > on...or you can search the archives for info on preventing dictionary > attacks. > > Darin. > > > ----- Original Message ----- > From: "David Dodell " <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Saturday, August 07, 2004 2:33 PM > Subject: Re: [IMail Forum] Spam Attack (I think) > > > Joel, unfortunately these are "dictionary attacks" and Imail has nothing in > it to prevent them ... it would be nice if Imail saw connections from the > same IP that had multiple user delivery failures, you could lock out the IP > for x number of hours. > > David > > > ---------- Original Message ---------------------------------- > From: "jpol" <[EMAIL PROTECTED]> > Reply-To: [EMAIL PROTECTED] > Date: Sat, 7 Aug 2004 13:26:12 -0500 > > >I am using Imail 8.12 for about 50 casual users. I have relay set to None. > My log every day is about 100 Meg. > > > > > > > >I get a VAST number of what appears to be requests for fake email address. > > > > > > > >The typical log says: > > > > > > > >0040807 121936 127.0.0.1 SMTPD (0f28000f026e46a8) [192.168.1.30] > connect 216.196.194.98 port 1362 > > > >20040807 121936 127.0.0.1 SMTPD (0f28000f026e46a8) [216.196.194.98] > HELO amdsb03.org > > > >20040807 121936 127.0.0.1 SMTPD (0f28000f026e46a8) [216.196.194.98] > MAIL FROM:<[EMAIL PROTECTED]> > > > >20040807 121936 127.0.0.1 SMTPD (0f28000f026e46a8) [216.196.194.98] > RCPT TO:<[EMAIL PROTECTED]> > > > >20040807 121936 127.0.0.1 SMTPD (0f28000f026e46a8) [216.196.194.98] > ERR Pearland.com invalid user <[EMAIL PROTECTED] > > > > > > > >How can I stop this? > > > > > > > >It is coming from MANY THOUSANDS of different IP numbers. > > > > > > > > > > > >By the way, this is my first time to post to this forum and if I am doing > it wrong, please excuse me. > > > > > > > >Joel Hokanson > > > >[EMAIL PROTECTED] > > > > > > > To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html > List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ > Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ > > > To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html > List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ > Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ > To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
