Re: [IMail Forum] under attack

Mon, 19 Dec 2005 09:47:39 -0800

That's the infamous dictionary attack. You need to upgrade to 2006 which has a feature that blocks the sending server IP automatically or get something that does. There was a rather well documented thread about using BlackIce to do this very same thing if you can't upgrade.

IMail wrote:
Hi,
 
I believe my IMail server is under attack. I am receiving an average of 4 email messages per second for invalid users. I've included a few lines from my log file. As you can see the sending IP address is changing as are the sender's email address. What can I do to relieve this stress on my server?
 
Thanks
Dave Lessard
 
 
20051219 115736 127.0.0.1       SMTPD (e66901cb009af38a) [60.196.39.53] ERR mail invalid user <[EMAIL PROTECTED]
20051219 115736 127.0.0.1       SMTPD (e658019a00baf37f) [69.10.212.187] RCPT TO: <[EMAIL PROTECTED]>
20051219 115736 127.0.0.1       SMTPD (e658019a00baf37f) [69.10.212.187] ERR mail invalid user <[EMAIL PROTECTED]
20051219 115736 127.0.0.1       SMTPD (e665057d0088f387) [128.138.43.177] MAIL FROM: <[EMAIL PROTECTED]>
20051219 115736 127.0.0.1       SMTPD (e67900bb008ef391) [66.189.28.217] MAIL FROM: <[EMAIL PROTECTED]>
20051219 115736 127.0.0.1       SMTPD (e67565e90056f390) [137.186.131.198] RCPT TO: <[EMAIL PROTECTED]>
20051219 115736 127.0.0.1       SMTPD (e67565e90056f390) [137.186.131.198] ERR mail invalid user <[EMAIL PROTECTED]
20051219 115736 127.0.0.1       SMTPD (e65200ee013cf37a) [82.48.224.178] RCPT TO: <[EMAIL PROTECTED]>
20051219 115736 127.0.0.1       SMTPD (e65200ee013cf37a) [82.48.224.178] ERR mail invalid user <[EMAIL PROTECTED]
20051219 115736 127.0.0.1       SMTPD (e66e041400a0f38c) [203.251.179.199] RCPT TO: <[EMAIL PROTECTED]>
20051219 115737 127.0.0.1       SMTPD (e66e041400a0f38c) [203.251.179.199] ERR mail invalid user <[EMAIL PROTECTED]
20051219 115737 127.0.0.1       SMTPD (e67c35290054f392) [192.168.0.160] RCPT TO: <[EMAIL PROTECTED]>
20051219 115737 127.0.0.1       SMTPD (e668029f008cf389) [213.22.140.15] RCPT TO: <[EMAIL PROTECTED]>
20051219 115737 127.0.0.1       SMTPD (e668029f008cf389) [213.22.140.15] ERR mail invalid user <[EMAIL PROTECTED]
20051219 115737 127.0.0.1       SMTPD (e67e01a40050f393) [84.161.87.18] HELO p54A15712.dip.t-dialin.net
20051219 115737 127.0.0.1       SMTPD (e67001790062f38e) [202.109.211.119] RCPT TO: <[EMAIL PROTECTED]>
20051219 115737 127.0.0.1       SMTPD (e67001790062f38e) [202.109.211.119] ERR mail invalid user <[EMAIL PROTECTED]
20051219 115737 127.0.0.1       SMTPD (e6730114005cf38f) [218.87.13.251] RCPT TO: <[EMAIL PROTECTED]>
20051219 115738 127.0.0.1       SMTPD (e6730114005cf38f) [218.87.13.251] ERR mail invalid user <[EMAIL PROTECTED]
20051219 115738 127.0.0.1       SMTPD (e65a0045009ef381) [82.36.56.128] RCPT TO: <[EMAIL PROTECTED]>
20051219 115738 127.0.0.1       SMTPD (e65a0045009ef381) [82.36.56.128] ERR mail invalid user <[EMAIL PROTECTED]
20051219 115738 127.0.0.1       SMTPD (e665057d0088f387) [128.138.43.177] RCPT TO: <[EMAIL PROTECTED]>
20051219 115738 127.0.0.1       SMTPD (e665057d0088f387) [128.138.43.177] ERR mail invalid user <[EMAIL PROTECTED]
20051219 115738 127.0.0.1       SMTPD (e66901cb009af38a) [60.196.39.53] RCPT TO: <[EMAIL PROTECTED]>
20051219 115738 127.0.0.1       SMTPD (e66901cb009af38a) [60.196.39.53] ERR mail invalid user <[EMAIL PROTECTED]
20051219 115738 127.0.0.1       SMTPD (e658019a00baf37f) [69.10.212.187] RCPT TO: <[EMAIL PROTECTED]>

Reply via email to