----- Original Message ----- From: "R. Scott Perry" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, August 09, 2004 12:37 Subject: Re: [IMail Forum] Spam Attack (I think)
> > > > Some people refer to "greylisting" as in "E-mail that is blatant spam > > > gets blacklisted (it is deleted), E-mail that is obviously legitimate > > > gets whitelisted (delivered), and all other E-mail is marked with > > > 'possible spam:' in the subject". Some people refer to "greylist" as a > > > list of organizations that have non-double-opt-in mailing lists. > > > Others refer to "greylist" as a list of legitimate organizations that > > > send E-mail to people that requested it, but many of whom no longer > > > want the E-mail and classify it as spam, without requesting removal. > > > >But the OP specifically mentioned "all people writing mail servers" and > >other than the first one above have little to do with an MTA. > > I'm sure he meant "all people writing anti-spam programs", as MTAs > themselves won't do any of the above (unless they have anti-spam built in). I don't expect any anti-spam software like Declude to do the sort of greylisting I'm talking about. Clearly this has to be the MTA. I think it would be keen if Ipswitch did stick that sort of ability into IMail itself, because the only real solution right now is to essentially put up with the attacks. In our case, it was causing the server to become unresponsive for up to 15 minutes, when attacks would reach their maximum. I've got logs archived from a few months ago that are over 300mb in size from a single day! It was causing all sorts of havoc. Customers phoning in asking why when they went to send their email, they got a "serer didn't respond"-style error. IMail simply doesn't have the capacity to deal with it, and using things like the access list are at best kludges, since we have to a) read the logs for a reasonable period of time, b) store IP addresses and try to determine via whatever statistical tools which IPs are offending, and c) build a access list and then d) restart the mail service (we're running IMail 7.07). Most of our customers are dialup customers, and some send large mails and if we restart the mail service too frequently, they get screwed. Now maybe the degree of attacks we were getting was high compared to most people (I have no idea whether that's so or not), but at the end of the day the only solution was to put something between IMail and the outside world. The cheapest solution for us, though it required a bit of learning on my part, was to pop in an Linux box. I removed most of Len's filters and such from the IMGate configs, as we use Declude and sell our antispam and antivirus services to our customers, and basically left in the greylisting. There are times when our sad little piece of hardware (a 233mhz Pentium I MMX with 128mb of RAM) itself gets a helluva working when things get bad, but at least our customers don't see the ugliest moments, and that's what I care about. I'm not bashing IMail, nor am I bashing Declude. Each solution has its place. It's just that I can see how putting this functionality into IMail would improve the product radically. To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
