If the "RCPT TO:" addresses are not on your domains, they are trying to relay through you, and clueless. If those are your domains, they are engaging in a "dictionary attack" (trying to guess valid addresses on your mailserver).between 7:46AM and 8:26AM my smptp logs are FULL of the following, same address, IP, etc. Is this a a-hole trying to relay through us?
we have the no relay set so it seems nothing went through,
The logs do show that nothing went through. :)
The best way is blocking the IP in IMail's Control Access file, if they are all coming from the same IP. That way, they can't send anything that IMail will respond to.my other question, what's the best option to block a later possible attempt? use the IP? the username?
-Scott
---
Declude: Anti-virus, Anti-spam and Anti-hijacking solutions for IMail. http://www.declude.com
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
