Spammers have been targeting my server with no success. However, I am
constantly being bombarded and their "TO" list sometimes is 60, 70 or
even a 100 names long. Imail responds to each recipient with "invalid
user" messages which sometimes chokes the server.
We have a setting in IMGate that disconnects after x 5xx hard errors. I have x set to 2 and have had no problem, nor have any valid senders (send with no error, and you can send all day).

It is the best way to tarpit attackers, since when IMGate hangs up, the attacker sits there waiting for a response that never comes, times out, and must reconnect to start over. IMGate's SMTPD process is already off doing something else, so no loss of IMGate resources. This keeps the average incoming SMTPD connection time to IMGate, for 1000's of connections, to only 2 or 3 seconds each.

My advanced IMGate config harvests the IP address from these attacks and blacklists the IP for all traffic. If the IP persists, then escalation will packet filter the IP at TCP/IP level, so the SMTP server won't even see it.

My questions are as follows:

1.  Why does Imail respond to Relay attempts at all?  If the sender is
unknown to Imail then Imail should ignore the sender.
Well, "ignore" means what? Blacklist sender? Hang up after one error? What about a valid sender that has a typo in the recipient address? Or a valid sender to a previously valid recipient?

2.  Is there a way to limit the number of recipients?
You want a way to limit the number of "unknown users" per SMTPD, not the number of perhaps good recipients. And there is a setting in IMail to limit the number of valid recipients per SMTPD session, but I think it's only for SMTP outbound sessions. See IMail7 u/g page 270.

Len
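
The harvesting and escalation described in the message above, sketched as an added example (not code from the original post and not IMGate's own configuration). The Postfix-style log lines are constructed, and the log format, thresholds and tier names are assumptions.

```python
import re
from collections import Counter

# Matches a 5xx "User unknown" RCPT rejection and captures the client IP.
# The line format is an assumption (Postfix-style); adapt it to the gateway's log.
REJECT = re.compile(r"reject: RCPT from \S*\[([0-9a-fA-F.:]+)\]: 5\d\d .*User unknown")

BLACKLIST_AT = 2  # hypothetical: mirrors the post's "x set to 2" hard-error limit
FILTER_AT = 6     # hypothetical: still failing after several reconnects

def _line(ip, rcpt):
    """Build one constructed rejection line for the sample log."""
    return ("Mar  3 10:00:01 gw postfix/smtpd[811]: NOQUEUE: reject: RCPT from "
            f"unknown[{ip}]: 550 5.1.1 <{rcpt}>: Recipient address rejected: User unknown")

# Constructed sample log (documentation IP ranges, not real traffic).
SAMPLE_LOG = "\n".join(
    [_line("203.0.113.7", f"guess{i}@example.com") for i in range(8)]     # keeps reconnecting
    + [_line("198.51.100.20", f"name{i}@example.com") for i in range(3)]  # two short sessions
    + [_line("192.0.2.44", "jsmtih@example.com")]                         # valid sender, one typo
    + ["Mar  3 10:00:09 gw postfix/smtpd[811]: connect from mail.example.net[192.0.2.90]"]
)

def classify(log_text, blacklist_at=BLACKLIST_AT, filter_at=FILTER_AT):
    """Count unknown-user rejections per client IP and assign an escalation tier.

    IPs below blacklist_at are left alone, so a single mistyped recipient
    from a legitimate sender never lands on a list.
    """
    hits = Counter()
    for line in log_text.splitlines():
        m = REJECT.search(line)
        if m:
            hits[m.group(1)] += 1
    tiers = {}
    for ip, n in hits.items():
        if n >= filter_at:
            tiers[ip] = "packet-filter"    # drop at TCP/IP level
        elif n >= blacklist_at:
            tiers[ip] = "smtp-blacklist"   # reject all mail from this IP at SMTP level
    return tiers

if __name__ == "__main__":
    for ip, tier in sorted(classify(SAMPLE_LOG).items()):
        print(ip, tier)
```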

