Blocking IPs without sending a 5xx response is a last resort
hmm, "last" can be "second". :))
Blocking IPs at TCP level, rather than blocking IPs and PTR hostnames at SMTP level, is a very effective, very efficient way of blocking. Highly recommended.
I'm working on such a product right now to run on Imail servers. :)
codename: IMpm (like Tylenol PM),
"take one IMpm and get a full night's sleep" :)
The point here is that they could be blocking based on reverse DNS entries that *look* funny to them (i.e. "personalaccount001.example.com").
*dyn.optonline.net is probably what they are blocking. MS doesn't want any mail from dyn_amic IPs. I don't, either.
They must be blocking blocks of IPs.
Unlikely -- causing 100K of traffic to block a single 2K E-mail is plain dumb.
Refusing TCP connections, esp. with no response to the first incoming TCP packet, "stealth", at edge routers is very efficient.
And it really maximally tarpits the attackers, since their SMTP clients usually have to wait for TCP timeouts that the apps don't have control over. Maximally wasting the attackers' resources while maximally conserving your own.
Len
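
The silent drop at the edge that the message describes, as an added example that is not part of the original post: it collapses a blocklist into the fewest CIDR blocks and renders an nftables ruleset whose `drop` verdict sends no reply to the SYN. The use of nftables on a Linux edge box, the table, set and chain names, and the sample addresses are assumptions.

```python
import ipaddress

# Constructed sample blocklist (RFC 5737 documentation ranges), one entry per
# line, '#' starts a comment. Not taken from the original post.
SAMPLE_BLOCKLIST = """
192.0.2.0/25        # two adjacent halves merge into one /24
192.0.2.128/25
198.51.100.7
198.51.100.7        # duplicate
203.0.113.0/24
203.0.113.42        # already covered by the /24 above
not-an-address      # malformed, skipped
"""

def parse_blocklist(text):
    """Return the minimal list of IPv4 networks covering every valid entry."""
    nets = []
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            continue  # ignore malformed entries rather than abort the load
        if net.version == 4:
            nets.append(net)
    return list(ipaddress.collapse_addresses(nets))

def render_nft(nets, hook="forward", port=25):
    """Render an nftables table that silently drops SMTP from the listed networks."""
    if not nets:
        raise ValueError("empty blocklist: nothing to render")
    elements = ", ".join(str(n) for n in nets)
    return "\n".join([
        "table inet smtp_edge {",        # hypothetical table/set/chain names
        "    set blocked_v4 {",
        "        type ipv4_addr",
        "        flags interval",
        f"        elements = {{ {elements} }}",
        "    }",
        "    chain smtp_filter {",
        f"        type filter hook {hook} priority 0; policy accept;",
        "        # drop = no RST and no ICMP, so the sender waits out its SYN timeout",
        f"        ip saddr @blocked_v4 tcp dport {port} drop",
        "    }",
        "}",
    ])

if __name__ == "__main__":
    print(render_nft(parse_blocklist(SAMPLE_BLOCKLIST)))
```

Use `hook="input"` when the filter runs on the mail server itself rather than on a router in front of it.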
