Thanks for the advise but this is not the case. This spam was sent to
accounts that were used only internally and to accounts just created a day
or so before. It was sent to alias as well as users. It was even sent to
the lists. Since it hit about 90% of the users I don't believe it was a
result of harvesting from lists, etc.
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Len Conrad
Sent: Saturday, September 02, 2000 12:02 PM
To: [EMAIL PROTECTED]
Subject: Re: [IMail Forum] security holes
>Since we switched to Imail, we've had an increase in spammers. The spam
>mails are sent to specific user accounts. For example, the spam will be
>sent to the account [EMAIL PROTECTED] (just an example user). Does
>anyone know how they get a list of our users' ids
Spammers harvest email addresses from mailing lists and newsgroups,
and the archives of both.
>and how to keep this from happening?
don't participate on public mailing lists and newsgroups.
>We have the verify command disabled.
That's useful to block harvesting with the SMTP VRFY command. But it
doesn't stop a dictionary attack.
> Are there security holes
>in Imail?
I haven't see a report that crackers have cracked Imail's internal
user base. That approach seems pretty "expensive" for them, ie
illegal and time-consuming, since there are cdroms available (I get
spam selling me 70 million email addresses) and other, cheaper, much
larger sources than an Imail.
Len
http://BIND8NT.MEIway.com: ISC BIND 8.2.2 p5 installable binary for NT4
http://IMGate.MEIway.com: Build free, hi-perf, anti-spam mail gateways
Please visit http://www.ipswitch.com/support/mailing-lists.html
to be removed from this list.
An Archive of this list is available at:
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Please visit http://www.ipswitch.com/support/mailing-lists.html
to be removed from this list.
An Archive of this list is available at:
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
