By your stating he should block the port means you do not understand what is going on for the following reasons:
1: If by blocking the local port would indeed fix the problem that indicates he has a much larger problem of not having a firewall in front of the server. However, that is not the case... 2: The port number listed after the connecting IP is the port number of the REMOTE IP, not the port number on the server. DUH! Sorry, but unless the server is some how blatantly hacked, it is only receiving and listening on port 25 unless that port number has been changed or unless running 8.x or above in which there may be a second port listening, but even then at the post 2 ports listening for the SMTP service. John T eServices For You "Seek, and ye shall find!" > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:Imail_Forum- > [EMAIL PROTECTED] On Behalf Of Richard Bowman > Sent: Monday, February 06, 2006 11:32 AM > To: [email protected] > Subject: RE: [IMail Forum] Hard to block bad source > > Why not block the port at the nic interface? > > Richard > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Tom > Sent: Monday, February 06, 2006 2:18 PM > To: [email protected] > Subject: [IMail Forum] Hard to block bad source > > > Is there a way to block the trouble IP(s) automatically other than manually > entering into the iMail Admin's Control List? > > There are a few (invalid) addresses being targeted that we got log lines as > below. The source apparently changed its IP every time. Any suggestion? > > Tom > > --- > 20060202 010452 127.0.0.1 SMTPD (cb34013000000c68) [LAN_IP] connect > 84.190.104.64 port 1926 > 20060202 010452 127.0.0.1 SMTPD (cb34013000000c68) [84.190.104.64] > EHLO w0op48.eeuyo6oe.comcast.net > 20060202 010453 127.0.0.1 SMTPD (cb34013000000c68) [84.190.104.64] > MAIL FROM: <[EMAIL PROTECTED]> > 20060202 010453 127.0.0.1 SMTPD (cb34013000000c68) [84.190.104.64] > RCPT TO: <[EMAIL PROTECTED]> > 20060202 010453 127.0.0.1 SMTPD (cb34013000000c68) [84.190.104.64] ERR > mail.neptunefoods.com invalid user <[EMAIL PROTECTED] > 20060202 010453 127.0.0.1 SMTPD (cb34013000000c68) [84.190.104.64] > RCPT TO: <[EMAIL PROTECTED]> > 20060202 010453 127.0.0.1 SMTPD (cb34013000000c68) [84.190.104.64] ERR > mail.neptunefoods.com invalid user <[EMAIL PROTECTED] > 20060202 010453 127.0.0.1 SMTPD (cb34013000000c68) [84.190.104.64] Max > Invalid RCPTs Exceeded > 20060202 010457 127.0.0.1 SMTPD (cb39015400000c69) [LAN_IP] connect > LAN_IP port 1396 > 20060202 010554 127.0.0.1 SMTPD (cb72014e00000c6a) [LAN_IP] connect > 84.190.104.64 port 2394 > 20060202 010555 127.0.0.1 SMTPD (cb72014e00000c6a) [84.190.104.64] > EHLO OLIVER > 20060202 010559 127.0.0.1 SMTPD (cb77014600000c6b) [LAN_IP] connect > LAN_IP port 1404 > 20060202 010559 127.0.0.1 SMTPD (cb72014e00000c6a) [84.190.104.64] > MAIL FROM: <[EMAIL PROTECTED]> > 20060202 010600 127.0.0.1 SMTPD (cb72014e00000c6a) [84.190.104.64] > RCPT TO: <[EMAIL PROTECTED]> > 20060202 010601 127.0.0.1 SMTPD (cb72014e00000c6a) [84.190.104.64] > C:\IMail\spool\Dcb72014e00000c6a.SMD 2317 > 20060202 010601 127.0.0.1 SMTPD (cb72014e00000c6a) performing antispam > checks > 20060202 010607 127.0.0.1 SMTPD (cb72014e00000c6a) taking spf action: > XHEADER > 20060202 010608 127.0.0.1 SMTPD (cb7f014e00000c6c) [84.190.104.64] > MAIL FROM: <[EMAIL PROTECTED]> > 20060202 010608 127.0.0.1 SMTPD (cb7f014e00000c6c) [84.190.104.64] > RCPT TO: <[EMAIL PROTECTED]> > 20060202 010608 127.0.0.1 SMTPD (cb7f014e00000c6c) [84.190.104.64] ERR > mail.neptunefoods.com invalid user <[EMAIL PROTECTED] > 20060202 010608 127.0.0.1 SMTPD (cb7f014e00000c6c) [84.190.104.64] > RCPT TO: <[EMAIL PROTECTED]> > 20060202 010608 127.0.0.1 SMTPD (cb7f014e00000c6c) [84.190.104.64] ERR > mail.neptunefoods.com invalid user <[EMAIL PROTECTED] > 20060202 010608 127.0.0.1 SMTPD (cb7f014e00000c6c) [84.190.104.64] Max > Invalid RCPTs Exceeded > 20060202 010608 127.0.0.1 SMTPD (cb80013000000c6d) [LAN_IP] connect > 84.190.104.64 port 2508 > 20060202 010609 127.0.0.1 SMTPD (cb80013000000c6d) [84.190.104.64] > EHLO a7wgvfqz.uciiceai.cox.net > 20060202 010609 127.0.0.1 SMTPD (cb80013000000c6d) [84.190.104.64] > MAIL FROM: <[EMAIL PROTECTED]> > 20060202 010609 127.0.0.1 SMTPD (cb80013000000c6d) [84.190.104.64] > RCPT TO: <[EMAIL PROTECTED]> > 20060202 010609 127.0.0.1 SMTPD (cb80013000000c6d) [84.190.104.64] ERR > mail.neptunefoods.com invalid user <[EMAIL PROTECTED] > 20060202 010609 127.0.0.1 SMTPD (cb80013000000c6d) [84.190.104.64] > RCPT TO: <[EMAIL PROTECTED]> > 20060202 010609 127.0.0.1 SMTPD (cb80013000000c6d) [84.190.104.64] ERR > mail.neptunefoods.com invalid user <[EMAIL PROTECTED] > 20060202 010609 127.0.0.1 SMTPD (cb80013000000c6d) [84.190.104.64] Max > Invalid RCPTs Exceeded > 20060202 010619 127.0.0.1 SMTPD (cb8b015400000c6e) [LAN_IP] connect > 84.190.104.64 port 2572 > 20060202 010619 127.0.0.1 SMTPD (cb8b015400000c6e) [84.190.104.64] > EHLO e2s7i.heq4yb.aol.com > 20060202 010620 127.0.0.1 SMTPD (cb8b015400000c6e) [84.190.104.64] > unacceptable mail address in MAIL FROM: <[EMAIL PROTECTED]> > 20060202 010630 127.0.0.1 SMTPD (cb96014600000c6f) [LAN_IP] connect > 84.190.104.64 port 2673 > 20060202 010630 127.0.0.1 SMTPD (cb96014600000c6f) [84.190.104.64] > EHLO OLIVER > 20060202 010630 127.0.0.1 SMTPD (cb96014600000c6f) [84.190.104.64] > MAIL FROM: <[EMAIL PROTECTED]> > 20060202 010631 127.0.0.1 SMTPD (cb96014600000c6f) [84.190.104.64] > RCPT TO: <[EMAIL PROTECTED]> > 20060202 010631 127.0.0.1 SMTPD (cb96014600000c6f) [84.190.104.64] ERR > mail.neptunefoods.com invalid user <[EMAIL PROTECTED] > 20060202 010631 127.0.0.1 SMTPD (cb96014600000c6f) [84.190.104.64] > RCPT TO: <[EMAIL PROTECTED]> > 20060202 010631 127.0.0.1 SMTPD (cb96014600000c6f) [84.190.104.64] ERR > mail.neptunefoods.com invalid user <[EMAIL PROTECTED] > 20060202 010631 127.0.0.1 SMTPD (cb96014600000c6f) [84.190.104.64] Max > Invalid RCPTs Exceeded > 20060202 010641 127.0.0.1 SMTPD (cba1014e00000c70) [LAN_IP] connect > 84.190.104.64 port 2761 > 20060202 010641 127.0.0.1 SMTPD (cba1014e00000c70) [84.190.104.64] > EHLO OLIVER > 20060202 010642 127.0.0.1 SMTPD (cba1014e00000c70) [84.190.104.64] > MAIL FROM: <[EMAIL PROTECTED]> > 20060202 010642 127.0.0.1 SMTPD (cba1014e00000c70) [84.190.104.64] > RCPT TO: <[EMAIL PROTECTED]> > 20060202 010642 127.0.0.1 SMTPD (cba1014e00000c70) [84.190.104.64] ERR > mail.neptunefoods.com invalid user <[EMAIL PROTECTED] > 20060202 010642 127.0.0.1 SMTPD (cba1014e00000c70) [84.190.104.64] > RCPT TO: <[EMAIL PROTECTED]> > 20060202 010642 127.0.0.1 SMTPD (cba1014e00000c70) [84.190.104.64] ERR > mail.neptunefoods.com invalid user <[EMAIL PROTECTED] > 20060202 010642 127.0.0.1 SMTPD (cba1014e00000c70) [84.190.104.64] Max > Invalid RCPTs Exceeded > 20060202 010652 127.0.0.1 SMTPD (cbac013000000c71) [LAN_IP] connect > 84.190.104.64 port 2835 > 20060202 010652 127.0.0.1 SMTPD (cbac013000000c71) [84.190.104.64] > EHLO OLIVER.augv.net > 20060202 010654 127.0.0.1 SMTPD (cbac013000000c71) [84.190.104.64] > MAIL FROM: <[EMAIL PROTECTED]> > 20060202 010655 127.0.0.1 SMTPD (cbac013000000c71) [84.190.104.64] > RCPT TO: <[EMAIL PROTECTED]> > 20060202 010655 127.0.0.1 SMTPD (cbac013000000c71) [84.190.104.64] ERR > mail.neptunefoods.com invalid user <[EMAIL PROTECTED] > 20060202 010655 127.0.0.1 SMTPD (cbac013000000c71) [84.190.104.64] > RCPT TO: <[EMAIL PROTECTED]> > 20060202 010655 127.0.0.1 SMTPD (cbac013000000c71) [84.190.104.64] ERR > mail.neptunefoods.com invalid user <[EMAIL PROTECTED] > 20060202 010655 127.0.0.1 SMTPD (cbac013000000c71) [84.190.104.64] Max > Invalid RCPTs Exceeded > > ________________________________________________________________ > Sent via the WebMail system at neptunefoods.com > > To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html > List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ > Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ > > > To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html > List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ > Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
