Imail also has dictionary attack settings to handle this sort of problem. Send email to random users to harvest email addresses is referred to as a Dictionary attack (in the SMTP world. It can also mean brute force attempts to crack passwords in other settings). The dictionary attack setting work as follows:
Soft Error Limits: Once an ip address reaches this number of errors, each successive SMTP command response is delayed by the value in "Error Delay Seconds" and each error increase the delay by that amount. Thus if "Error Delay Seconds" is 5 second once the soft error limit is reached the first error after that delays 5 sec then 10 then 15 and so on. Hard Error Limit: Once this number of errors for an IP address is reached the IP is automatically place in the SMTP Access Control list (i.e. blocked) for the amount of time in "Minutes To Deny Access" Minutes To Deny Access: How long blocked IPs remain in the Access Control list Error Delay Seconds: length of Delay per error after the "Soft Error Limits" is reached. If all the traffic is coming only from a single IP or a single network segment, just blocking the IP or the entire segment will work well (provided with the segment that you are not blocking legitimate IPs as well). However, if the attack is distributed it will come from multiple and often constantly changing IPs and segments. In this case the Dictionary attack setting are the preferred method (unless you have lots of time on your hands and enjoy sifting through log files to find IPs to block) The Dictionary attack settings are not without draw backs. You can block legitimate SMTP server this way. (some one who has a old email address or something like that) SMTP White Listing IP can mitigate this problem. Short version: If the IPs of Spammers is a single IP or segment only: Block the IP or segment. If not, use dictionary attack settings. Soft Error Limits: 2 Hard Error Limit: 5 Minutes To Deny Access: 2 Error Delay Seconds: 5 Are typical settings, but you may need to adjust for your situation Ted Nichols Ipswitch Messaging QA -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Daniel Oh Sent: Thursday, June 21, 2007 11:50 AM To: [email protected] Subject: [IMail Forum] Spam Attacks My Imail log server indicates that someone is trying to send email to random users on my domain. Is this typical and is there a way to prevent this? To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
