If the misspelled recipient is always the same, then why not set up an alias for that misspelling?
Sincerely,
Randy Armbrecht
Global Web Solutions, Inc.
804-346-5300 x112
877-800-GLOBAL (4562) x112
http://globalweb.net

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alchaemist
Sent: Tuesday, August 01, 2006 11:07 AM
To: [email protected]
Subject: Re: [IMail Forum] AAaa! dictionary lock-out bug

Hi,

Just my two cents... And I will not enter into the "trust/distrust auth users" discussion that this innocent post triggered.

The error is because an authenticated user tried to send an email to a non-existing local account. Once and again till the server got tired (exceeded hard error limit), and blocked the IP.

The recipient is ALWAYS the same. Unless the sender is a complete idiot :) and misspells all the emails all the time (and no software can help him in that case).

So... it obviously is NOT a dictionary attack, because a dictionary attack would try different addresses of course.

Then, IMail by design, perhaps *should* allow one failure, and keep the failed email address. And only start counting errors after a second different email address is tried and failed. That obviously to avoid the need of keeping a full list of failed and only counting unique failed emails.

Another option would be, instead of just counting errors, to count them in a configurable short period. Let's say... a dictionary attack would try lots of times per minute... while a legitimate sender with a mistake will try only once in a while.

So, I think this is really a valid concern. And also, I am pretty sure that IPswitch will do nothing about it ever.... (ouch).

Regards!

Javier Albinarrate

"Oblio" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]
> Ok, how did this get over-looked in development? I have an
> *authenticated* user who's trying to send a message to another user in
> the same domain, but the recipient doesn't exist. After my [hard
> error limit] number of failures, the server locks out their IP,
> effectively blocking any mail from anyone in the domain (165 users)! Oops?
>
> I'm all for protecting against dictionary attacks, but shouldn't we be
> a little more forgiving to *authenticated local users*???
>
> To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
> List Archive:
> http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
> Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
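The counting rule suggested in the thread above (do not count repeats of the same failed recipient, and count only within a short configurable period), as an added Python example that is not part of the original messages and is not IMail's code. The class name, thresholds, IP addresses and sample recipients are assumptions constructed for illustration; unlike the single-address variant proposed in the thread, it keeps the set of failed addresses seen inside the window.

```python
from collections import defaultdict, deque


def naive_blocked(failures, hard_error_limit):
    """Behaviour described in the thread: every rejected recipient counts."""
    return len(failures) > hard_error_limit


class DistinctRcptTracker:
    """Block an IP only when it fails on many *different* recipients quickly."""

    def __init__(self, max_distinct=3, window_seconds=60.0):
        self.max_distinct = max_distinct      # hypothetical setting
        self.window_seconds = window_seconds  # hypothetical setting
        self._events = defaultdict(deque)     # ip -> (timestamp, recipient)

    def record_failure(self, ip, rcpt, now):
        """Record one rejected recipient; return True if the IP should be blocked."""
        events = self._events[ip]
        events.append((now, rcpt.strip().lower()))
        # Forget failures older than the window (the newest one always stays).
        while now - events[0][0] > self.window_seconds:
            events.popleft()
        # Repeats of one misspelled address collapse to a single entry.
        return len({addr for _, addr in events}) > self.max_distinct


def first_block_index(tracker, ip, failures):
    """Index of the failure that triggers a block, or None if never blocked."""
    for i, (ts, rcpt) in enumerate(failures):
        if tracker.record_failure(ip, rcpt, ts):
            return i
    return None


# Constructed sample data (not taken from the thread):
# one user retrying the same typo every 10 minutes ...
SAME_TYPO = [(i * 600.0, "jon.smtih@example.test") for i in range(10)]
# ... versus one source failing on a new address every second.
GUESSING = [(float(i), f"user{i}@example.test") for i in range(10)]

if __name__ == "__main__":
    print("naive counter blocks the typo:", naive_blocked(SAME_TYPO, 5))
    print("typo blocked at:",
          first_block_index(DistinctRcptTracker(), "192.0.2.10", SAME_TYPO))
    print("guessing blocked at:",
          first_block_index(DistinctRcptTracker(), "192.0.2.20", GUESSING))
```

The trade-off is that a source spreading different addresses more slowly than the window is not caught by this rule alone, so the window and threshold need tuning against real traffic.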
