>Limiting recipients to 3 will inconvenience legitimate users.

Yes, possible, but that depends on the MTA. An MTA could deliver 3
RCPT TO's, and then Imail denies 4+ IN THAT SESSION, and then the
remote MTA reconnects and sends 3 more, etc. This dramatically
tarpits/slows, not blocks, valid and spamming MTA's but of course 99%
of valid MTA's deliver only one msg, ime.

Or just raise the 3 to 6 or whatever. It's not a "hard" number, anyway.

>This looks like 2 separate dictionary address harvesters. Short of IMGate,

Dusty was working on a scheme where he automatically exported all
known users from Imail to IMGate so Imail could reject mail, eg, from
harvesters, for unknown-to-Imail users.

IMGate can authenticate RCPT TO: against an external LDAP database
but Imail6's LDAP database is not suitable. Ipswitch says that in
Imail7, or soon after, secure access to the Imail LDAP server user
base will be available to LDAP clients like IMGate.

Having IMGate informed with its own local-to-IMGate database of known
users allows IMGate to reject unknown users WITHOUT querying Imail to
verify an account, a process that burdens Imail. IMGate querying
Imail at high speed during a harvesting attack(s) could effectively DoS Imail.

If a valid user is getting mailbombed from a difficult or impossible
to stop source, his name could be temporarily removed from only the
IMGate user base so IMGate would reject all mail for this user, but
the user could still work with his Imail account for reading/sending
mail. When the DoS stops, that user's name is re-activated in the
IMGate database. During the entire DoS, Imail sees nothing.

Harvesters often use SMTP command pipelining to race through their
dictionary lists ASAP. Unauthorized SMTP command pipelining can be
blocked at IMGate, so even valid user accounts cannot be harvested if
the harvester uses pipelining, or a MAPS IP address, or an invalid
hostname in MAIL FROM: @senderdomain.

Non-pipelined, error-free mailbombing of a valid user account is
always the trickiest to detect and stop.

As with spam, IMGate or any defense cannot eliminate all mail-abuse
such as mail bombs and harvesting, but reducing it by 90% !AND!
moving the defense and abuse-absorption from the users' mailbox
server/webmail server to an external box like IMGate is a huge
improvement vs a one-box defense.

Len
http://BIND8NT.MEIway.com : Binary for ISC BIND 8.2.3 T9B for NT4 & W2K
http://IMGate.MEIway.com : Build free, hi-perf, anti-spam mail gateways
An Archive of this list is available at:
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
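
The gateway-side RCPT TO decisions described in the message above (local known-user table, per-session recipient cap, temporary removal of a mail-bombed user, rejection of unauthorized pipelining), modelled as an added example; this is not code from the original post or from IMGate or Imail. The class and function names, the reply texts, the choice to count every RCPT TO toward the cap, and the example.com addresses are all assumptions made for the illustration.

```python
from dataclasses import dataclass, field

MAX_RCPTS_PER_SESSION = 3   # the cap discussed above; "not a hard number"


@dataclass
class Gateway:
    known_users: set                                # local export of the mailbox server's users
    suspended: set = field(default_factory=set)     # removed here only, e.g. during a mail bomb


class Session:
    def __init__(self, gateway):
        self.gw = gateway
        self.rcpt_seen = 0      # every RCPT TO counts, accepted or not (a choice made here)

    def rcpt_to(self, address, pipelined=False):
        """Return the reply for one RCPT TO. pipelined=True models a client
        that sent the command without waiting for the previous reply."""
        if pipelined:
            # Checked first, so valid and invalid addresses get the same answer
            return "503 5.5.0 improper command pipelining"
        self.rcpt_seen += 1
        if self.rcpt_seen > MAX_RCPTS_PER_SESSION:
            # Temporary failure: a valid MTA reconnects and sends the rest
            return "452 4.5.3 too many recipients"
        addr = address.strip().lower()
        if addr not in self.gw.known_users or addr in self.gw.suspended:
            # Answered from the local table; the mailbox server is never queried
            return "550 5.1.1 user unknown"
        return "250 2.1.5 ok"


def replay(gateway, commands):
    """Run (address, pipelined) pairs through one new session; return reply codes."""
    session = Session(gateway)
    return [int(session.rcpt_to(addr, piped)[:3]) for addr, piped in commands]


if __name__ == "__main__":
    # Constructed sample data
    gw = Gateway(known_users={"alice@example.com", "bob@example.com"})
    print(replay(gw, [("alice@example.com", False), ("nobody@example.com", False),
                      ("bob@example.com", False), ("alice@example.com", False)]))
```

Because the pipelining and cap checks run before the user lookup, a client that trips either one learns nothing about which addresses exist.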