Andy,

We have fixed a bug in the SMTP service that was failing to remove the IP from the "deny access" list. This will be in version 10.01 due to release soon.

The settings you list below and the observed results you listed in the first section are actually working as designed. An important thing to know is that the Max Invalid Recipients Per Session will simply disconnect when the number is reached. It does not use any of the other values when processing that check. The IP was not added to the "deny access" list because it's not designed to. When you set a value for Soft Error Limits, it was immediately adding the IP to the "deny access" list because there was no Hard Error Limit set. We have corrected this so that if the Hard Error Limit is set to 0, then it will never add to the "deny access" list. This too will be out in version 10.01.

Tom Lewis
Ipswitch, Inc.
Development Manager - Messaging Products
706-312-3573

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Andy Schmidt
Sent: Thursday, June 26, 2008 10:58 AM
To: [email protected]
Subject: [IMail Forum] V10 - Dictionary Attack defense no longer functional -> confirmed!

Okay, it's now confirmed. The Dictionary Attack feature in V10 is totally broken. Through systematic testing (turning off all features, and then turning on ONE at a time) I found (and reported to IPswitch as bug) that these settings:

Max Invalid Recipients Per Session: 3
Soft Error Limits: 0
Hard Error Limit: 0
Minutes To Deny Access: 5
Error Delay Seconds: 10
Auto-Deny Hack Attempts: On

a) will disconnect after 3 bad recipients (that's the ONLY thing that still works)
b) will NOT add the IP address to the "deny access" list
c) I can't confirm that the 10 second delay works, because IPswitch has yet to figure out, how to add seconds to the LOG files. (Like most, I have a few pages full of log entries for each minute...)

IF you turn on "Soft Error Limits", and set it to any value (let's say 5), then it:

a) will report log a different error after the FIRST bad recipient
b) will immediately add the IP address to the PERMANENT deny list
c) will NOT remove the IP address after 5 minutes (or ANY amount of time)
d) will do that EVEN if you configure minutes to "0".

The net effect is, that anyone who accidentally misspells an email address or is unaware of a change in personnel is banned from your server forever - which does a nice job in reducing your mail volume to next to nothing VERY quickly.

EVEN if you add an IP address to the IP WHITE LIST, the "Soft Error Limits" will bypass the white list and STILL permanently block a GOOD IP address!

When I tried to report THIS, I was shocked to learn that this is a "known problem"!

Basically - with Version 10, IMail is fully vulnerable to Denial-of-service through dictionary attacks because its key defense (a controlled, time-limited block of suspect IP addresses) is NO LONGER FUNCTIONAL.

Although their support staff originally kept claiming that they couldn't reproduce it with my settings, I finally peppered them with enough log files that they had no choice but to acknowledge the situation and are now saying they will fix this.

THEY are recommending that in the meantime we should all run WITHOUT dictionary attack defenses being turned on! In reality that means -> Everyone back to V9 pronto!

Best Regards,
Andy

To Unsubscribe: http://imailserver.com/support/discussion_list/
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://imailserver.com/support/kb.html
