>We are under a bruteforce dictionary attack. Has been going on
>for the last 24 hours.
That's getting more and more common these days.
>They are pretty good since they change ip address for every
>connection and only try 25 email addresses.
That, too, is getting more common. We call them "hacker spammers" --
spammers that break into lots of computers for a distributed dictionary
attack. Some have so many compromised computers that they don't both with
the dictionary attack, they just spew their spam to all the addresses, and
don't care that 95% or so isn't delivered.
>We are not using SMTP Authentication yet but it is the plans for
>the next 2 weeks or so.
>
>Any idea on how to stop this.
It is very, very difficult to stop if it is distributed like that. We are
working on a program that is designed to detect dictionary attacks (and
other types of problems, such as people trying to hack a password via
POP3). But in a case like yours, it is very difficult, because they are
coming from different IPs, and it is possible on some systems to have 25
invalid E-mail addresses in a delivery (from some of the larger mailing lists).
You can start blocking all the IPs, but that is very tedious with a
distributed attack like this.
-Scott
---
Declude: Anti-virus, Anti-spam and Anti-hijacking solutions for
IMail. http://www.declude.com
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
Please visit http://www.ipswitch.com/support/mailing-lists.html
to be removed from this list.
An Archive of this list is available at:
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Please visit the Knowledge Base for answers to frequently asked
questions: http://www.ipswitch.com/support/IMail/
