Spoke too soon. Just happened again.
Jeffery Rehm wrote:
I found that if I allow access to a group and put IP in the setting
appears to stick, or has so far anyway. I was doing it as a single IP
and that wasn't working at all.
Sanford Whiteman wrote:
Ok, now this is getting annoying... IMail Access Control is set to
DENY all computers except one particular machine. Three times today
I have had to go back in and add the machine to the list of allowed
addresses.
While I don't know your exact topology, this particular requirement is
almost always better met by blocking at the firewall or OS level,
rather than at the application socket-discard level.
I had a client a few weeks ago whose POP3D server was getting slammed
by a password-guessing attack (from a single IP, luckily). Their admin
had added the IP to IMail's Control Access, but that only resulted in
the service crashing after a few minutes: remember, the socket still
gets handed "up" to IMail when you only use its internal controls.
While I didn't have access to their firewall, simply blocking the same
IP using Windows built-in IP Security Policy stopped the attack dead.
Preventing IMail from servicing the socket at all should be your goal.
This won't eliminate the published problems when you enable Auto-Deny
and other data-level security features, but if you trust your
permitted IPs enough to let down your guard with these other features,
it's a lot better than Control Access. And frankly, running BlackIce
Server ($299) gives you much more security than using IMail's
data-level inspection. Or there's Snort, etc.
--Sandy
------------------------------------
Sanford Whiteman, Chief Technologist
Broadleaf Systems, a division of
Cypress Integrated Systems, Inc.
e-mail: [EMAIL PROTECTED]
SpamAssassin plugs into Declude!
http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/
Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into
IMail Aliases!
http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/
http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/
To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive:
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive:
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
