Not recommended, but you could block NULL sender,s or better yet, the IP address at the Firewall level.
Travis > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of Scott Smith > Sent: Friday, April 09, 2004 9:04 AM > To: [EMAIL PROTECTED] > Subject: Re: [IMail Forum] Are we vulnerable > > > Okay, which is basically what I said (except that the original > email doesn't > come to your server, but to another server). The point being, all the > thousands of bounced messages still come to your server. Isn't that what > the whole problem is? How would you block all those thousands of bounced > messages from coming at your server? > > Scott Smith - IT Manager > Westside & Detroit Reprographics > 248.489.1999 (Office) > 248.467.0452 (Cell) > [EMAIL PROTECTED] > > ----- Original Message ----- > From: "Darin Cox" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Thursday, April 08, 2004 11:35 PM > Subject: Re: [IMail Forum] Are we vulnerable > > > > Not quite...the situation is this > > > > - Email gets sent out from another source. > > - Email has a large number of cc and/or bcc addresses > > - Return address for the email is a forged address on your server > > > > Result: all of the bounces, flames, etc. come back to you (from each > > individual recipient/mail server) via the forged from address. > > > > So the threat is a single source email could result in a large number of > > emails targeted at a particular address. > > > > Darin. > > > > > > ----- Original Message ----- > > From: "Scott Smith" <[EMAIL PROTECTED]> > > To: <[EMAIL PROTECTED]> > > Sent: Thursday, April 08, 2004 11:01 PM > > Subject: Re: [IMail Forum] Are we vulnerable > > > > > > Okay, since I am relatively new to email adminstration, please help me > > clarify something. > > > > I read the original message of this thread as saying that someone could > send > > a single email to your server, and in that email could be > thousands of bad > > email addresses to cc the email message to. So then all of a > sudden your > > server would start receiving the same thousands of bounced > email messages > > back to it (because the original message would somehow disguise > it so that > > your server was implicated as the sender of all those bad > messages). Did > I > > read that correctly? > > > > If that was the case, then wouldn't you have to find a way to > block all of > > those thousands of "bounced" email messages hitting your server (which > would > > probably be coming from thousands of IP addresses)? > > > > Please, correct me if I'm wrong - I'm really only a newbie... > > > > Scott Smith - IT Manager > > Westside & Detroit Reprographics > > 248.489.1999 (Office) > > 248.467.0452 (Cell) > > [EMAIL PROTECTED] > > > > ----- Original Message ----- > > From: "Nick Hayer" <[EMAIL PROTECTED]> > > To: <[EMAIL PROTECTED]> > > Sent: Thursday, April 08, 2004 6:26 PM > > Subject: Re: [IMail Forum] Are we vulnerable > > > > > > > On 8 Apr 2004 at 18:12, Scott Smith wrote: > > > > > > > Actually, if I'm not mistaken, it would be hundreds, or > thousands, of > > > > IPs hammering you with unwanted email. > > > A daily occurance... > > > > > > I believe Mark was referring to a single server doing a joe job hense > > > my comment of dynamically block an "IP"; for clarification - > > > dynamically block multiple ip's once a certain threshold over time of > > > unwanted emails arrives. Configurable X time and X amount. If w/DJM > > > then by time and X weight. The latter is kinda a 'blend' of DJM and > > > DHijack. [non-existent but would be neat] > > > > > > -Nick Hayer > > > > > > > > > > > > > > > > > Scott Smith - IT Manager > > > > Westside & Detroit Reprographics > > > > 248.489.1999 (Office) > > > > 248.467.0452 (Cell) > > > > [EMAIL PROTECTED] > > > > > > > > ----- Original Message ----- > > > > From: "Nick Hayer" <[EMAIL PROTECTED]> > > > > To: <[EMAIL PROTECTED]> > > > > Sent: Thursday, April 08, 2004 5:59 PM > > > > Subject: Re: [IMail Forum] Are we vulnerable > > > > > > > > > > > > > On 8 Apr 2004 at 16:46, Mark wrote: > > > > > > > > > > > This is a disturbing story. How can we configure our servers to > > > > > > prevent this? > > > > > > > > > > Turning off the NOBODY alias would be helpful right off. I do not > > > > > know a way to dynamically block an IP that hammers you > with unwanted > > > > > mail but that would be a nice feature.. > > > > > > > > > > -Nick Hayer > > > > > > > > > > > > > > > > > > > > > > > > > > Mark > > > > > > > > > > > > > > > > > > It is easy even your granny could do it > > > > > > > > > > > > By<mailto:[EMAIL PROTECTED]> INQUIRER staff: Thursday 08 > > > > > > April 2004, 07:49 EXPERTS IN "computer security" have > worked out a > > > > > > simple way to knock out any email server. > > > > > > > > > > > > A team at NGS Software said that the trick involves > sending forged > > > > > > emails that contain thousands of incorrect addresses in > the "copy > > > > > > to" fields. > > > > > > > > > > > > When this package is sent, huge quantities of unwanted > email will > > > > > > be sent to another mail server. > > > > > > > > > > > > All it takes is finding a server configured to return an email > > > > > > with attachments to each incorrect address. Next you > have to forge > > > > > > an email so it appears to come from the mail server > that is to be > > > > > > the target. > > > > > > > > > > > > When the forged email, complete with the thousands of incorrect > > > > > > addresses is sent, an avalanche of "bounced" messages > sent to the > > > > > > target server causes it to crash. > > > > > > > > > > > > According to New Scientist, with one little 10K email, hackers > > > > > > could then send 100MB back to a server. > > > > > > > > > > > > A third of the email servers of all Fortune 500 > companies are, it > > > > > > appears, open to this kind of attack. If the hacker used an > > > > > > insecure email server the attack would be virtually untraceable. > > > > > > Oh great. > > > > > > > > > > > > > > > > > > --- > > > > > > [This E-mail scanned for viruses courtesy of Netslyder, > > > > > > Inc.(http://www.netslyder.net)] > > > > > > > > > > > > > > > > > > To Unsubscribe: > http://www.ipswitch.com/support/mailing-lists.html > > > > > > List Archive: > > > > > > http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ > > > > > > Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ > > > > > > > > > > > > > > > > > > > > > > > > > > To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html > > > > > List Archive: > > > > > http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ > > > > > Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ > > > > > > > > > > > > > > > > > To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html > > > > List Archive: > > > > > http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge > > > > Base/FAQ: http://www.ipswitch.com/support/IMail/ > > > > > > > > > > > > > > > > To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html > > > List Archive: > http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ > > > Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ > > > > > > > > > To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html > > List Archive: > http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ > > Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ > > > > > > To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html > > List Archive: > http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ > > Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ > > > > > To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html > List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ > Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ > To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
