Hi David -
What is your connection between IIS and IMail? Are you using a version of
IMail that uses IIS (ie:2006 or later)? And what does IIS have to do with
the IMail logins? Are you running a form that requires logins and sends the
mail to your IMail server?
We have been using Declude Hijack for many years with IMail to detect and
stop these kinds of attacks. It has the weakness that it is IP based, so (a)
if a well-distributed attack were to occur, it would not detect it; and (b)
if a lot of legit mail comes from an individual server, you have to set the
detection limits very high for the server's IP. But on the whole, it has
been extremely effective for us.
-Dave Doherty
Skywaves Consulting LLC
----- Original Message -----
From: "David E. Smith" <d...@mvn.net>
To: <Imail_Forum@list.ipswitch.com>
Sent: Monday, January 05, 2009 9:24 AM
Subject: [IMail Forum] (OT?) Using DNS blacklists with IIS
Lately, I've had a rash of attackers from Nigeria, who have acquired
(through whatever means) legitimate logins and passwords for my Imail
users. They log in, send out a couple thousand emails, and log out. There
are no failed logins, so even an over-zealous account lockout policy
wouldn't work in this instance.
They only send to five or ten recipients at a time, so they avoid most of
the rate-limiting features. But through the magic of cut-and-paste,
they're able to get a few thousand messages an hour sent out.
All the attackers come from IP space listed on ng.blackholes.us, and I'm
willing to annoy any legitimate users of mine that might be vacationing in
Lagos.
Anyone know of a way to apply DNS blacklists to a Web site in IIS,
comparable to mod_dnsbl for Apache?
David Smith
MVN.net
To Unsubscribe: http://imailserver.com/support/discussion_list/
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://imailserver.com/support/kb.html
To Unsubscribe: http://imailserver.com/support/discussion_list/
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://imailserver.com/support/kb.html