Wednesday, November 13, 2002 you wrote:
LC> b) nobody aliases will allow attackers to consume tons of your WAN
LC> link bandwidth, your Imail machine's resources
LC> accepting/storing/logging these crap msgs, and fill your disk with
LC> Gb of crap in a very short time, giving you hours of work to clean
LC> it up, and then defrag your heavily accessed/deleted mailbox
LC> partition.
Well, you would think that, but it isn't true in our case.
Adding "nobody" has made the attacks stop. Fighting the attacks
actually increases the number and causes them to come from backup
mx servers. We may have been unusual in this but we were seeing as
many as 100 or more attacks per day. As I stated previously, the
longest single session recorded had over 2,000 rejected addresses.
I did develop and employ a working system that blocked the
attacking IPs and interrupted the dialogue. Usually I could
interrupt at 5 or 6 invalid receipts but sometimes I would have 2
or so get through.
The spam increase has all been to the domain that was attacked and
amounts to a few hundred messages per day which are just routed to
the bit bucket. The bandwidth increase has not been significant
handling it this way.
The problem really has to do with how badly IMAIL handles these
spam attack sessions. It doesn't do well.