Wednesday, November 13, 2002 you wrote:
ES> You could set up Tar-pitting (slowing down the process between
ES> accepting multiple rcpt To)
ES> http://support.ipswitch.com/kb/IM-19990805-DM01.htm
I do not believe, nor did my testing so indicate, that this would
help in the case of a dictionary attack. It is fairly hard to
test but basically the dictionary attack never sends a message.
I could not really see any effect of this setting on the live
dictionary attacks. The harvesting program(s) does not seem to
mind a small delay.
I was tailing the log file and counting invalid rcpt to messages
to trigger my program. But apparently the imail server is not
writing the log continuously but in blocks so depending upon the
log file as a trigger vehicle is not very satisfactory.
In addition then the only recourse by my program was to toggle the
server. But this causes the harvesting program simply to switch
to one or more backup mx servers. The backup servers then gather
all the rcpt to's and send them at once to imail.
I believe if the smtp session could be interrupted with an error
code of some sort and then closed that this would be a better way
of terminating the session.
The backup mx servers are a problem though regardless.
To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
