The IMail possible hack algorithm is based on input exceeding the resonable maximum length for the command state.
"length" of what? time? number of SMTP commands per session?
I haven't looked into it any any detail, but several IMail users have had IMGate trigger the defense and to turn it off. IMGate average delivery time to IMail avereges well under 5 seconds, so I don't that the time length of a single session was triggering the defense.There is no limit on requests from a single IP as seen when someone connects with hundreds of simultaneous harvesters - the only solution is to block their IP.
IMGate's postfix follows RFC pretty closely and doesn't do "unauthorized command pipelining", and it very efficient, so I guessed "hack attempt" was too many msgs from on ip per a unit of time. IMGate can also open 10's of SMTP sessiions to the same destination, the "thundering herd", so maybe IMail shuts down when a single ip opens too many simultaneous sessions?
Len
To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
