There are basically 4 parameters to deal with here: (The max invalid rcpt per session is really a separate setting)
1) Soft error 2) Hard error 3) Delay time 4) Minutes to deny access Here is how it works: SMTP acts normally until the soft error limit is reached (per IP address) Once the soft error limit is reached any additional SMTP responses by the Imail server are delayed by Delay time seconds. For each additional error from that IP, an addition Delay time seconds is added to the delay between responses. Once the Hard error limit is reached, the IP is added to the SMTP Control access list (the IP is blocked by SMTP only) for the number of minutes in the Minutes to deny access setting. Example If server Imail has settings: Soft error = 3 Hard error = 5 Delay time = 5 Minute to deny access = 3 Imail: 220 Imail (Imail 9.1 23-1) NT-ESMTP SERVER X1 Evil spam server: EHLO (some.spoofed.address) Imail: 250 Imail says Hello Evil spam server: mail from [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> Imail: 250 ok Evil spam server: rcpt to: <[EMAIL PROTECTED]> Imail: 550 unknown user < nonexistentuser1> Evil spam server: rcpt to: <[EMAIL PROTECTED]> Imail: 550 unknown user < nonexistentuser2> Evil spam server: rcpt to: <[EMAIL PROTECTED]> <------------ Soft error limit reached all responses will now be delayed 5 seconds Imail: 550 unknown user < nonexistentuser3> <---------delayed 5 seconds Evil spam server: rcpt to: <[EMAIL PROTECTED]> Imail: 550 unknown user < nonexistentuser4> <---- delayed 10 seconds Evil spam server: rcpt to: <[EMAIL PROTECTED]> <-- Hard error limit reached Imail: 550 unknown user < nonexistentuser5> Imail: 452 max errors exceeded Now Evil spam server is blocked for 3 minutes (Imail SMTP immediately drop any incoming connections from this IP ) Ted Nichols Ipswitch QA -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rainer Noa Sent: Wednesday, February 14, 2007 7:17 AM To: IMAIL-Forum Subject: [IMail Forum] How to use Dictionary Attack Settings... Sensitivity: Confidential Hello, I need help for the parameter: Error Delay Seconds! How to work with this parameter? Any examples? THX :-) -- i.A. Rainer Noa Projektmanager MilesTec AG Prager Ring 2 66482 Zweibrücken Fon: (06332) 479 00 30 Fax: (01212) 518 21 06 71 via Web.de Mobil: (0171) 742 18 56 Email: [EMAIL PROTECTED] Vorstand: Oliver Reinking Vorsitzender des Aufsichtsrates: Rüdiger Burkart Sitz der Gesellschaft: Zweibrücken Handelsregister Amtsgericht Zweibrücken HRB 1663 Z USt-IdNr.: DE203848108 Steuernummer: 35.657.06239
