> -----Original Message----- > From: Dan Star [mailto:[EMAIL PROTECTED]]
> But over the course of 3 days this activity causes iMail to > freeze the Winsock as best as I can tell. This is worth looking at by itself. What are the signs of trouble - entries in IMail's logs, entries in NT event logs, unexpected service stops, and do any other things break at the same time? What do you do to fix it - reboot, restart the web messaging service (from within IMail admin or through other service controls?) ...or something else entirely? Are you tracking performance counters? (When you're looking through logs, do you see requests for "default.ida"? That's CodeRed, which is dormant from the 20th of each month to the start of the next. If you see a chain of requests looking for "root.exe" or "cmd.exe", you're actually seeing Nimda attempts, BTW. Not a huge difference for this discussion, but keeping that straight could cut through some hassles later on.) > So if > iMail HTTP deamon would just ignore that type of request it > would help for sure. Anything except a vulnerable IIS server should already give a 404 status for both CodeRed and Nimda attempts, and then it should carry on. That's about as close to ignoring it as you could get without special processing (and special processing is the opposite of ignoring). > I am looking into changes to firewall and using BlackIce on > server, but this won't be a simple change on my side. Any chance of taking IMail off port 80? I suppose it's on 80 now for a good reason, but taking it off would save you the worm hassles now and in the future... -- Dave Salovesh RAM Associates, Inc. (800) 543-3635 Please visit http://www.ipswitch.com/support/mailing-lists.html to be removed from this list. An Archive of this list is available at: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Please visit the Knowledge Base for answers to frequently asked questions: http://www.ipswitch.com/support/IMail/
