>I've been running the batch file which does the summary of all your mail
>activity for about 2 months now, and suddenly over the last 5 days I have
>had an enormous amount of "unknown user" rejects. Last night the attack
>appeared to come from a Japan system. They tried hundreds of names as
>RCPT TOs from a single message.
a dictionary attack
>I have Relay for Local Hosts only checked, I have SMTP AUTH unchecked and
>I have SMTP VRFY unchecked also.
insecure config, but you know the good one.
>Looks like nothing has made it in, but what else can/should I do to be sure ?
There's nothing you can do to what could be considered a DoS attack if they
hit you with 1000's of unknown users. Aren't you glad you don't have a
nobody alias?
>I tried relay for addresses only,
atta boy
>and have had nothing but problems with users who travel (including the
>CFO) unable to send mail outside our domains using Eudora.
I use Eudora Pro 4.3.2 and since upgrading to 6.03+SMTP AUTH patch, I can
send mail to my 6.03 with CRAM encryption just fine. You and your users
should bite the bullet and do the same by getting your Eudora config sorted
out.
But you can't do anything, within Imail, when somebody mailbombs you with a
dictionary attack. If the attack is coming from a fixed IP, you could, at
your router, drop (don't reject) packets from that /24. Dropping (aka
stealth mode) makes their end go into a timeout period, whereas if you
reject, they can immediately come back. This could slow down their rate of
attack.
Len
http://BIND8NT.MEIway.com: ISC BIND 8 installable binary for NT4
http://IMGate.MEIway.com: Build free, hi-perf, anti-spam mail gateways
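
An added example, not part of the original reply: one way to spot the "unknown user" flood described above in a mail log and name the /24 that would be dropped at the router. The log line layout, the thresholds and the function name are assumptions; this is not IMail's real log format.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample lines in a made-up layout (not IMail's real log format);
# all addresses are from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
02:14:01 SMTPD 203.0.113.45 RCPT <adam@example.com> 550 unknown user
02:14:01 SMTPD 203.0.113.45 RCPT <alice@example.com> 550 unknown user
02:14:02 SMTPD 203.0.113.45 RCPT <bob@example.com> 550 unknown user
02:14:02 SMTPD 203.0.113.46 RCPT <carol@example.com> 550 unknown user
02:14:03 SMTPD 203.0.113.46 RCPT <dave@example.com> 550 unknown user
02:14:03 SMTPD 203.0.113.46 RCPT <erin@example.com> 550 unknown user
09:30:10 SMTPD 198.51.100.7 RCPT <cfo@example.com> 250 ok
09:31:44 SMTPD 198.51.100.7 RCPT <cf0@example.com> 550 unknown user
10:02:00 SMTPD 192.0.2.10 RCPT <sales@example.com> 250 ok
"""

LINE_RE = re.compile(
    r"^\S+ SMTPD (?P<ip>\d+\.\d+\.\d+\.\d+) RCPT <(?P<rcpt>[^>]*)> (?P<code>\d{3}) (?P<text>.*)$")

def find_dictionary_attacks(log_text, min_rejects=5, min_ratio=0.8):
    """Return {/24 network: stats} for sources whose RCPT TOs are mostly unknown users."""
    stats = defaultdict(lambda: {"rejects": 0, "accepted": 0, "names": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        try:  # group by /24, the unit the reply suggests dropping at the router
            net = ipaddress.ip_network(m["ip"] + "/24", strict=False)
        except ValueError:
            continue  # malformed address in the log line
        s = stats[str(net)]
        if m["code"] == "550" and "unknown user" in m["text"].lower():
            s["rejects"] += 1
            s["names"].add(m["rcpt"].lower())
        elif m["code"].startswith("2"):
            s["accepted"] += 1
    flagged = {}
    for net, s in stats.items():
        total = s["rejects"] + s["accepted"]
        # Many distinct unknown names and almost no valid ones: a dictionary
        # run, not a legitimate sender with one mistyped address.
        if total and len(s["names"]) >= min_rejects and s["rejects"] / total >= min_ratio:
            flagged[net] = {"rejects": s["rejects"], "accepted": s["accepted"],
                            "distinct_names": len(s["names"])}
    return flagged
```

The ratio test keeps a legitimate sender with a single mistyped recipient (the 198.51.100.7 lines in the sample) out of the drop list at the default thresholds.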