>We are under a bruteforce dictionary attack. Has been going on >for the last 24 hours.
dictionary attack or hijacking? they are only sending to your domain? >They are pretty good since they change ip address for every >connection and only try 25 email addresses. they are using open relays, probably. So if you were subscribed to RBL servers by an upstream box like IMGate which would block the attack before it got to your mailbox server. >We are not using SMTP Authentication yet but it is the plans for >the next 2 weeks or so. SMTP AUTH doesn't stop mailbombs and harvesting aimed at your domains. >Any idea on how to stop this. are in the ip's in the same Class C? block that /24 at your edge router. Len www.menandmice.com/DNS-training : DNS Training BIND8NT.MEIway.com : ISC BIND for NT4 & W2K IMGate.MEIway.com : Build free, hi-perf, anti-abuse mail gateways Please visit http://www.ipswitch.com/support/mailing-lists.html to be removed from this list. An Archive of this list is available at: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Please visit the Knowledge Base for answers to frequently asked questions: http://www.ipswitch.com/support/IMail/
