Okay, it's now confirmed. The Dictionary Attack feature in V10 is totally
broken.

Through systematic testing (turning off all features, and then turning on
ONE at a time) I found (and reported to IPswitch as a bug) that these
settings:

 Max Invalid Recipients Per Session:  3 
 Soft Error Limits:  0 
 Hard Error Limit:  0 
 Minutes To Deny Access:  5 
 Error Delay Seconds:  10

 Auto-Deny Hack Attempts: On

a) will disconnect after 3 bad recipients (that's the ONLY thing that still
works)
b) will NOT add the IP address to the "deny access" list
c) I can't confirm that the 10 second delay works, because IPswitch has yet
to figure out how to add seconds to the LOG files. (Like most, I have a few
pages full of log entries for each minute...)

IF you turn on "Soft Error Limits", and set it to any value (let's say 5),
then it:

a) will log a different error after the FIRST bad recipient
b) will immediately add the IP address to the PERMANENT deny list
c) will NOT remove the IP address after 5 minutes (or ANY amount of time)
d) will do that EVEN if you configure minutes to "0".

The net effect is that anyone who accidentally misspells an email address
or is unaware of a change in personnel is banned from your server forever -
which does a nice job in reducing your mail volume to next to nothing VERY
quickly. 

EVEN if you add an IP address to the IP WHITE LIST, the "Soft Error Limits"
will bypass the white list and STILL permanently block a GOOD IP address!
When I tried to report THIS, I was shocked to learn that this is a "known
problem"!

Basically - with Version 10, IMail is fully vulnerable to Denial-of-service
through dictionary attacks because its key defense (a controlled,
time-limited block of suspect IP addresses) is NO LONGER FUNCTIONAL.

Although their support staff originally kept claiming that they couldn't
reproduce it with my settings, I finally peppered them with enough log files
that they had no choice but to acknowledge the situation and are now saying
they will fix this. THEY are recommending that in the meantime we should all
run WITHOUT dictionary attack defenses being turned on! In reality that
means -> Everyone back to V9 pronto!

Best Regards,
Andy

