David
I'm guessing you are behind a firewall; I hope so.
Why not go in and block the address range at the firewall and leave it at
that? I've had some pretty nasty people do the same thing you're seeing and
ended up at this. I had some luck with Declude and Message Sniffer, but
these sorts of folks are pretty agile and hard to stop. Mine were from China.
John


-----Original Message-----
From: imail_forum-ow...@list.ipswitch.com
[mailto:imail_forum-ow...@list.ipswitch.com] On Behalf Of David E. Smith
Sent: Monday, January 05, 2009 6:24 AM
To: Imail_Forum@list.ipswitch.com
Subject: [IMail Forum] (OT?) Using DNS blacklists with IIS

Lately, I've had a rash of attackers from Nigeria, who have acquired
(through whatever means) legitimate logins and passwords for my IMail users.
They log in, send out a couple thousand emails, and log out. There are no
failed logins, so even an over-zealous account lockout policy wouldn't work
in this instance. 

They only send to five or ten recipients at a time, so they avoid most of
the rate-limiting features. But through the magic of cut-and-paste, they're
able to get a few thousand messages an hour sent out.

All the attackers come from IP space listed on ng.blackholes.us, and I'm
willing to annoy any legitimate users of mine that might be vacationing in
Lagos.

Anyone know of a way to apply DNS blacklists to a Web site in IIS,
comparable to mod_dnsbl for Apache?

David Smith
MVN.net


To Unsubscribe: http://imailserver.com/support/discussion_list/
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://imailserver.com/support/kb.html
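
Added example, not part of the original thread or of any product mentioned in it: a Python sketch that checks the client IPs in an IIS W3C log against a DNSBL zone such as the ng.blackholes.us list named in the question, so the listed addresses can then be blocked at the firewall or in IIS. It assumes the zone follows the usual DNSBL convention (reversed IPv4 octets, a 127.0.0.0/8 answer means listed); the log lines, URL paths and the stand-in resolver table are constructed sample data.

```python
import ipaddress
import socket

DNSBL_ZONE = "ng.blackholes.us"  # zone named in the post; assumed to use the standard DNSBL format
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")  # DNSBL "listed" answers fall in this range

def dnsbl_query_name(ip, zone=DNSBL_ZONE):
    """Reverse the IPv4 octets and append the zone: 192.0.2.10 -> 10.2.0.192.<zone>."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on anything that is not IPv4
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def system_resolver(name):
    """Return the A record for name, or None when the name does not resolve."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None

def is_listed(ip, resolve=system_resolver, zone=DNSBL_ZONE):
    """True when the DNSBL answers for this address with a 127.0.0.0/8 record."""
    try:
        answer = resolve(dnsbl_query_name(ip, zone))
    except ValueError:  # IPv6 or malformed c-ip: this query format covers IPv4 only
        return False
    return answer is not None and ipaddress.ip_address(answer) in LISTED_NET

def client_ips(log_lines):
    """Yield c-ip values from IIS W3C extended log lines, following the #Fields header."""
    col = None
    for line in log_lines:
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            col = fields.index("c-ip") if "c-ip" in fields else None
        elif line.strip() and not line.startswith("#") and col is not None:
            parts = line.split()
            if len(parts) > col:
                yield parts[col]

def listed_clients(log_lines, resolve=system_resolver):
    """Return the sorted, de-duplicated logged clients that the DNSBL lists."""
    return sorted(ip for ip in set(client_ips(log_lines)) if is_listed(ip, resolve))

# Constructed sample log (documentation address ranges) and a constructed stand-in resolver.
SAMPLE_LOG = """#Fields: date time c-ip cs-username cs-method cs-uri-stem sc-status
2009-01-05 06:01:11 198.51.100.7 alice POST /login.asp 200
2009-01-05 06:01:40 203.0.113.25 bob POST /compose.asp 200
2009-01-05 06:02:02 203.0.113.25 bob POST /compose.asp 200
""".splitlines()
FAKE_ZONE = {"25.113.0.203.ng.blackholes.us": "127.0.0.2"}
```

Calling `listed_clients(SAMPLE_LOG, resolve=FAKE_ZONE.get)` runs the check offline against the constructed table; omitting `resolve` sends the queries through the system resolver instead.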