Len, Et Al,
I've been running the batch file which does the summary of all your mail
activity for about 2 months now, and suddenly over the last 5 days I have
had an enormous amount of "unknown user" rejects. Last night the attack
appeared to come from a Japan system. They tried hundreds of names as
recpt to's from a single message.
I have Relay for Local Hosts only checked, I have SMTP AUTH unchecked and I
have SMTP VERFY unchecked also.
Looks like nothing has made it in, but what else can/should I do to be sure ?
I tried relay for addresses only, and have had nothing but problems with
users who travel (including the CFO) unable to send mail outside our
domains using Eudora.
Gerry
At 09:38 AM 7/6/2000 +0200, Len Conrad wrote:
>Hard to say for sure. A "dictionary" attack on a mail server can
>"harvest" mail accounts by throwing a "dictionary" of names, including of
>course generic names like sales@, info@, support@, but such an attack
>would also cause a ton of "user unknown" reject lines to show up in your
>logs, so as always surfing the logs is a frequent requirement to see
>what's really going on out there.
>
>Dictionary attacks go faster if you have the SMTP VRFY permitted.
Please visit http://www.ipswitch.com/support/mailing-lists.html
to be removed from this list.
