>detection: one needs some kind of "maillog surfer" daemon that
>accumulates msgs sent and received per each Imail account.
>
>
>Let's say that I did this:
>
>Using Log File Analyzer by Tom Grandgent I could run it every 30 minutes or
>so and find the:
>
>Top Recipients
> 83045 15920015 [EMAIL PROTECTED]
>
>if the value exceeds a maximum then

Yes, that's not too bad a plan for small servers, but for busy
servers, the sysMMDD.txt file is humongous and scanning it every 30
mins would be very expensive in machine power by the end of the day.

>reaction:
>
>deny sender access either at the router (ip address)
>or SMTP level (access denied by mail from or ip address of SMTP
>client). Using the router or an upstream MTA defense is best because
>it keeps the cr@p and the defense action out of Imail completely.
> > >maybe the was playing with himself and didn't realize the
> > >damage he was doing.
>
>Our server is in a colocation facility. I suppose we would need our own
>hardware in order to configure some sort of protection.

Yes, probably. The colo people won't let you play with their packet
filtering rules on their firewall!

Len
http://BIND8NT.MEIway.com: ISC BIND 8.2.2 p5 & 8.2.3 T6B for NT4 & W2K
http://IMGate.MEIway.com: Build free, hi-perf, anti-spam mail gateways
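
An added example, not part of the original thread or of any tool named in it: a sketch of the "maillog surfer" idea that remembers its byte offset, so each pass reads only the lines appended since the previous pass instead of rescanning the whole sysMMDD.txt file. The `to=<...>` line shape, the class name `LogSurfer`, the file name and the threshold are assumptions made for illustration; the real log layout is not shown in the thread.

```python
import os
import re
import tempfile
from collections import Counter

# Assumed line shape (constructed); adapt the regex to the real sysMMDD.txt layout.
RCPT_RE = re.compile(r"\bto=<([^>]+)>")

class LogSurfer:
    """Counts recipients incrementally, reading only bytes appended since the last pass."""

    def __init__(self, max_per_recipient):
        self.max_per_recipient = max_per_recipient
        self.offset = 0
        self.counts = Counter()

    def scan(self, path):
        if os.path.getsize(path) < self.offset:  # file replaced or truncated: start over
            self.offset = 0
            self.counts.clear()
        with open(path, "rb") as fh:
            fh.seek(self.offset)
            chunk = fh.read()
        # Consume only complete lines; a half-written last line waits for the next pass.
        end = chunk.rfind(b"\n") + 1
        self.offset += end
        for line in chunk[:end].decode("latin-1").splitlines():
            m = RCPT_RE.search(line)
            if m:
                self.counts[m.group(1).lower()] += 1
        # Accounts whose running total exceeds the configured maximum.
        return {a: n for a, n in self.counts.items() if n > self.max_per_recipient}

def demo():
    """Two passes over a constructed log; the second reads only the appended bytes."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "sys0101.txt")  # constructed file name
        surfer = LogSurfer(max_per_recipient=3)
        with open(path, "w") as fh:
            fh.write("01:00 SMTP from=<a@example.org> to=<victim@example.com>\n" * 2)
            fh.write("01:01 SMTP from=<b@example.org> to=<other@example.com>\n")
            fh.write("01:02 SMTP from=<a@example.org> to=<vic")  # incomplete line
        first = surfer.scan(path)
        with open(path, "a") as fh:
            fh.write("tim@example.com>\n")
            fh.write("01:03 SMTP from=<a@example.org> to=<victim@example.com>\n")
        second = surfer.scan(path)
        return first, second, surfer.offset == os.path.getsize(path)
```

Each pass costs time proportional to the new log lines only, so the 30-minute interval from the thread could be shortened without the end-of-day penalty of a full rescan.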