>I am suffering from a huge Dictionary attack on a domain I host (a SPAMMER
>is going through every word and variation of words in the dictionary
>trying to find addresses at that domain) and my logs have become useless
>and huge (10,000+ pages and 100 megs per day!). Does anyone know of a
>way to prevent this? Ipswitch says I would need to contact the SPAMMER
>and tell them to stop, but that is WAY easier said than done. I am
>desperate here!

You need a defense by another machine so your mailbox server is
protected from the DoS created by answering the call, looking up user
accounts, rejecting unknown users.

If you can't block at your router by ip block (tcp/ip layer) then do
it at the SMTP / DNS layer with IMGate. IMGate can be set up to
reject all "non authorized SMTP command pipelining" which is commonly
used by harvesters to go fast.

Also, the ip block could be either in MAPS or you could block it
yourself with IMGate.

There might also be a constant "mail from: sender@senderdomain" to
filter on, etc., etc.

IMGate can also "tarpit" the abuser by responding slowly (if the
abuser is bothering to wait for SMTP responses). This slows the
abuser down so IMGate can get on with other work. But in general
IMGate has so much send/receive bandwidth that a harvester is not really a problem.

Whatever is found, the key point is that it's IMGate that suffers the
DoS, while your Imail is mostly untouched.

Maybe next time you'll be ready.

Len
http://BIND8NT.MEIway.com : Binary for ISC BIND 8.2.3 for NT4 & W2K
http://IMGate.MEIway.com : Build free, hi-perf, anti-spam mail gateways
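
An added example, not part of the message above and not IMGate or IMail code: one way to pull the client IP to block and any constant "mail from" to filter on out of an oversized log, by counting rejected unknown recipients per client. The log format, addresses, thresholds and the function name find_harvesters are assumptions made for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in a simplified, hypothetical gateway log format
# (not IMail's or IMGate's real format): client IP, MAIL FROM, RCPT TO, reply.
SAMPLE_LOG = """\
203.0.113.7 from=<offers@bulk.example> to=<aaron@hosted.example> 550
203.0.113.7 from=<offers@bulk.example> to=<abby@hosted.example> 550
203.0.113.7 from=<offers@bulk.example> to=<abe@hosted.example> 550
203.0.113.7 from=<offers@bulk.example> to=<sales@hosted.example> 250
203.0.113.7 from=<offers@bulk.example> to=<adam@hosted.example> 550
198.51.100.20 from=<bob@partner.example> to=<sales@hosted.example> 250
198.51.100.20 from=<bob@partner.example> to=<slaes@hosted.example> 550
"""

LINE_RE = re.compile(r"^(\S+) from=<([^>]*)> to=<([^>]*)> (\d{3})$")


def find_harvesters(log_text, min_rejects=3, min_reject_ratio=0.7):
    """Return {client_ip: details} for clients whose recipient attempts are
    mostly rejected, the pattern a dictionary harvest leaves in the log."""
    attempts = Counter()
    rejects = Counter()
    senders = defaultdict(Counter)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a recipient result line
        ip, sender, _rcpt, code = m.groups()
        attempts[ip] += 1
        senders[ip][sender.lower()] += 1
        if code == "550":  # recipient rejected (unknown user)
            rejects[ip] += 1
    flagged = {}
    for ip, total in attempts.items():
        ratio = rejects[ip] / total
        # One mistyped address from a real sender stays under both thresholds.
        if rejects[ip] >= min_rejects and ratio >= min_reject_ratio:
            top_sender, count = senders[ip].most_common(1)[0]
            flagged[ip] = {
                "rejects": rejects[ip],
                "ratio": round(ratio, 2),
                # A sender used on every attempt is a candidate filter string.
                "constant_sender": top_sender if count == total else None,
            }
    return flagged


if __name__ == "__main__":
    for ip, info in find_harvesters(SAMPLE_LOG).items():
        print(ip, info)
```

The flagged addresses are candidates for the router or gateway block list; the thresholds need tuning against normal traffic before anything is blocked automatically.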