After having a problem with this SMTP security setting ("Auto deny possible
hack attempts" on the SMTP-Security tab) I want to write this informative
message:We've running several webservers beside our imail server (v 7.15) and from one of this servers a user has send a message from a web-form width a mailfrom address like this: "<Name Surname <[EMAIL PROTECTED]>" (note the intital "<") Imail has identified this as "possible hack attempt" and so blocked any furhter SMTP-Traffic from this IP address (and so all other web-forms on this webserver) until the Imail SMTP-Service would be restarted. >From the logfile: 05:21 17:32 SMTPD(0B9A0088) [217.199.26.24] MAIL FROM:<[EMAIL PROTECTED]> 05:21 17:32 SMTPD(0B9A0088) [217.199.26.24] RCPT TO:<Name Surname <[EMAIL PROTECTED]> 05:21 17:32 SMTPD(0B9A0088) [217.199.26.24] ERR mail.zcom.it invalid user <Name 05:21 17:32 SMTPD(0B9A0088) Possible hack attempt from 217.199.26.24, address will be denied future connections until restart Imails Knowledgebase and Helpfile says: Auto-deny possible hack attempts. If more than 512 characters are sent during anything but the SMTP DATA command, the remote IP address is temporarily put in the "deny access" (Control Access) file until you stop and restart the service. Sending more than 512 characters in anything but the SMTP DATA command will look like an attempt to "hack" in to your server. You will not see the address in the "deny access" list, but it is reported in the log file. ...but nothing about "malformed recipient addresses" So or I am missing something or anyone should be carefull with this setting. Markus To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
