This list is under the SMTP settings in 2006.
Note that when you are using "auto deny hack attempts", IMail will block
offending IP's until the service is restarted. I believe these IP's are
stored in memory and not in the ACL list.
The help says that this setting blocks IP's that send more than 512
bytes of data to a command like Mail From or maybe Rcpt To. I had my
own gateway trigger this in my IMail server recently, and I couldn't
find any long commands in my gateway's logs or IMail's logs, and
therefore I suspect that it might be triggered by other things too. I
turned this setting off since I am protected by my gateway and firewall,
however this might be a bad idea to do if IMail will listen to the
Internet. Most hack attempts would try to use over 512 bytes in such a
command in order to cause a buffer overflow and then insert code to be
executed. This setting for instance may have been the difference
between having SMTP crashed, or your server hacked as a result of the
recently patched vulnerability being exploited. Note that I am guessing
about a fair amount of this, but it is educated guessing.
Matt
Robert Grosshandler wrote:
Where do you find this particular ACL list??
BTW -- we've seen similar issues, never spent the time to confirm.
Rebooting the server did seem to clear them up, so I'm not sure which
process might have the issue.
Rob
------------------------------------------------------------------------
*From:* [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] *On Behalf Of *Matt
*Sent:* Tuesday, November 14, 2006 11:09 AM
*To:* [email protected]
*Subject:* Re: [IMail Forum] 2006.1 Continuing issues - patch date?
Kevin,
I'm the one that found this one:
When all dictionary attack fields are set to "0" Imail still somehow
mysteriously adds entries to the CAL.
==KG> Will need more details on this one...
<---- SNIP ---->-
