It has to do with length of a command during the conversation. For instance, an ESMTP conversation requesting a DSN can have command lines up to 8k in certain areas; while a standard SMTP conversation _should_ never exceed 1k. So, someone sending your SMTP server a HELO (or even an EHLO) followed by 4k of data is _probably_ looking for buffer over run exploits as a route into your system. There is currently no way to change the setting.
Bob > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of Rick Leske > Sent: Tuesday, July 16, 2002 13.35 > Subject: RE: [IMail Forum] Question about Auto-deny possible Hack > attempts setting... > > It has something to do with the original length of the packet during the > request. If it exceeds a predetermined length then I believe their ip > addresses is blocked until the next reboot.. > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of Jason Newland > Sent: Tuesday, July 16, 2002 11:35 AM - MGMT.TV > Subject: [IMail Forum] Question about Auto-deny possible Hack attempts > setting... > > > I was wondering what triggers this? I have had this setting checked for > Please visit http://www.ipswitch.com/support/mailing-lists.html to be removed from this list. An Archive of this list is available at: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Please visit the Knowledge Base for answers to frequently asked questions: http://www.ipswitch.com/support/IMail/
