> If a host receives 1,000,000 e-mails from a single host in a day, can't it
> be flagged as suspicious activity and rerouted to a temp account or
dumped?
Many mail servers are capable of this or some similar behavior. For
instance, as you probably guessed by watching this thread :), our shop uses
VOPmail (among other mail servers).
VOPmail has a feature that forces the server to wait a period time in
between each message over a certain number of legitimate or illegitimate
messages from a single source.
The delay is nice because it doesn't touch the mail and tie up resources on
the VOPmail server. Instead, it places the burden on the sender (ostensibly
the offending relay mail server).
Although this is a nice feature for decreasing the amount of mail that
accumulates through a dictionary attack, this is not good relay protection
because it only take one piece to get through and get reported to the ORBS
database.
Benjamin S. Rogers
Web Developer, c4.net
voice: (508) 240-0051
fax: (508) 240-0057
At 10:18 PM 11/13/00 -0500, you wrote:
> >> Our spam protection is basically not allowing any
> >> messages originating outside our network to be
> >> delivered to any domain not hosted on that VOPMail
> >> machine
>
>That spam protection won't help you if a spammer uses a dictionary list to
>send email. The most common type of spam right now is a dictionary attack
on
>domains you host, not relaying to hosts you don't.
>
>meaning they will send hundreds of thousands of messages addressed like
this
>
>[EMAIL PROTECTED]
>[EMAIL PROTECTED]
>[EMAIL PROTECTED]
>[EMAIL PROTECTED]
>[EMAIL PROTECTED]
>[EMAIL PROTECTED]
>
>And so on. One host I know routinely gets upwards of a million emails a day
>addressed like this. This is the greatest single threat to ISP's today.
Most
>servers can't handle this.
>
> - Steve
>
>
>-----Original Message-----
>From: Justin Scott [mailto:[EMAIL PROTECTED]]
>Sent: Monday, November 13, 2000 5:15 PM
>To: CF-Talk
>Subject: Re: Mail Servers
>
>
>Interesting. I'll see if we can contact Sylvain and get something done
>about that if it really is a confirmed spam hole.
>
>Our spam protection is basically not allowing any messages originating
>outside our network to be delivered to any domain not hosted on that
VOPMail
>machine. Since this is configured by IP address, the "from" address really
>isn't an issue in our configuration.
>
>-Justin Scott
>
>
>----- Original Message -----
>From: "Steve Pierce" <[EMAIL PROTECTED]>
>To: "CF-Talk" <[EMAIL PROTECTED]>
>Sent: Monday, November 13, 2000 1:14 PM
>Subject: RE: Mail Servers
>
>
> > Vopmail still has a problem with from lines of just a name and no
domain.
> > Vopmail assumes the sender must be from the default domain and the
server
> > and then will let it relay. That is a definite no-no. Thus it is very
hard
> > to get VOPMail off the spam block lists.
> >
> > Vircom has been aware of the problem for some time, yet they have been
> > unwilling to do anything about it. I too have strongly recommended
>Vircom's
> > VOPMail in the past. But this recent discovery of a spam hole and lack
of
>a
> > fix from Vircom over a known spam hole makes me question my past
> > recommendations.
> >
> > - Steve
> >
> >
> > -----Original Message-----
> > From: Justin Scott [mailto:[EMAIL PROTECTED]]
> > Sent: Monday, November 13, 2000 2:10 PM
> > To: CF-Talk
> > Subject: Re: Mail Servers
> >
> >
> > > Having problems with SMTP and hops.
> > > What mail server(s) does anyone recommend to work well with CF 4.5.
> > >
> > > Thanks for your time.
> >
> > I prefer VOPMail from Vircom myself. It handles just about whatever you
>can
> > throw at it very well, and has full database integration built in so you
>can
> > manage all your mailboxes via ODBC if you want.
> >
> > _______________________________________
> >
> > Justin Scott :: [Staff Developer]
> > http://www.annex.com
> >
> >
>
> --------------------------------------------------------------------------
>--
> > --------------------
> > Archives: http://www.mail-archive.com/[email protected]/
> > Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists or
send
>a
> > message with 'unsubscribe' in the body to
>[EMAIL PROTECTED]
> >
>
> --------------------------------------------------------------------------
>----------------------
> > Archives: http://www.mail-archive.com/[email protected]/
> > Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists or
send
>a message with 'unsubscribe' in the body to
>[EMAIL PROTECTED]
> >
>
>---------------------------------------------------------------------------
-
>--------------------
>Archives: http://www.mail-archive.com/[email protected]/
>Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists or send a
>message with 'unsubscribe' in the body to
[EMAIL PROTECTED]
>
>---------------------------------------------------------------------------
---------------------
>Archives: http://www.mail-archive.com/[email protected]/
>Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists or send
>a message with 'unsubscribe' in the body to
[EMAIL PROTECTED]
>
>-=-=-
>SBG-Priority: 4 (Low) http://www.internz.com/SpamBeGone/
--
Michael She
I m a g i n e C o m m u n i c a t i o n s
Company E-mail: [EMAIL PROTECTED]
Personal E-mail: [EMAIL PROTECTED]
ICQ UIN: #243466
Personal Homepage: http://www.michaelshe.com (Under Construction)
Imagine Communications: http://www.imagineer.net
PGP Fingerprint: 9A24 1DA9 39B8 0A0C C5ED 6E5D 45E9 075A 51CD 66A1
----------------------------------------------------------------------------
--------------------
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists or send a
message with 'unsubscribe' in the body to [EMAIL PROTECTED]
------------------------------------------------------------------------------------------------
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists or send a message
with 'unsubscribe' in the body to [EMAIL PROTECTED]
