I'm hoping that having my IMGate servers as the published MX servers instead of my iMail server reduces the exposure to this attack.
I do have the iMail server open for incoming SMTP, but it is known only to customers. Port scanning would find it, obviously. Perhaps blocking port 25 at the outside firewall and using only the alternate port 587 would help. Does anyone know if the current scans are hitting only port 25? Jeff Hitchcock - [EMAIL PROTECTED] ________________________________ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robbie Pardue Sent: Thursday, October 26, 2006 2:41 PM To: Imail_Forum@list.ipswitch.com Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW I'm not sure how a firewall could help in this instance (if someone can enlighten me you would have my gratitude). As SMTP needs to be opened to the world in order for imail to receive mail, a firewall has simply to allow it (I think) or there is no mail, and that's that. Mark Pipkin <[EMAIL PROTECTED]> wrote: So those that have been effected by this are they behind a SMTP firewall and still get hit or are these servers SMTP live to the internet? ________________________________ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Korey Verlsteffen Sent: Thursday, October 26, 2006 11:35 AM To: Imail_Forum@list.ipswitch.com Subject: [IMail Forum] SMTP Exploit Scanning Going on NOW Heads up everyone. My IDS systems are reporting heavy scanning for the IMail SMTP exploit. http://www.juniper.net/security/auto/vulnerabilities/vuln3414.html Sincerely, Korey Verlsteffen Network Administrator WebStream Internet Solutions [EMAIL PROTECTED] http://www.webstream.net To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/