Hi James , I am running also a large ISP mail servers , here is what i posted 2 month ago. I am using SMTP AUTH for all servers.Virus and Harvesters dont use SMTP AUTH so i prevent DOS attack to my mail servers from infected computers using this method.
If you are using a firewall this can help. ---------------------------------- Here is more details about the system. I am using the KIWI syslog server software to send the logs to the SQL You can specify in IMAIL syslogs server ip address .(IF you run KIWI on the same machine ,you have to stop IMAIL syslog ) I have wrote a small Visual Basic Program which scan the SQL database for " ERR .... INVALID USER " lines every 2 min. And my little program Open a telnet connection to the firewall ADD the ip address to block . Then the program remove the ip address after 1 hour. On my firewall i wrote a global policy group to deny access to port 25 So the software add the ip address and specify that it belong to that group lanetkc.com> To: <[EMAIL PROTECTED]> Sent: Thursday, September 04, 2003 7:11 PM Subject: RE: [Declude.JunkMail] Using Declude to block Sobig Virus Simply because my goal is to block it before Declude or my server has a chance to process it. James R. Skivers Network Administrator Web One Inc. [EMAIL PROTECTED] http://astra1.com -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan Star Sent: Thursday, September 04, 2003 10:56 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Using Declude to block Sobig Virus > >I need some suggestions on how to block the Sobig virus from even being > >processed by Declude. The amount of processes are so high it is causing > >extreme latency and causing SMTP to not respond as well as time out. ANY > >help is highly appreciated. > > The best way is to go through the viruses that are received, sort them by > IP, and use IMail's SMTP Control Access file to block the worst offenders. > Why not use the Declude BLACKLIST feature? -- Dan --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
