Is it possible for IMGate to know about valid accounts on the Imail Server in order stem the tide of dictionary attacks.
sure, every MX needs to be able to reject mail to unknown users, even AOL is finally going this route, in a massive project.
I see that vamsoft can do it via AD, but I'm using an external SQL database.
you don't want to load down your Imail user database with queries from the front-end MX, since can pass a dictionary DoS through to the mailbox server. Duplicate the user database on the MXs so they are independent of the mailbox server.
Both solutions sound compelling.
Terry Fritts has done some export tools that are Imail-nobody-domain-aware, and postfix-compatible.
1. http://www.smartbusiness.net/imail/
The exported file can be emailed to a program alieas on the IMGate MXs, or pushed or pulled with ftp or rsync.
and
2:
"I've posted a new program for retrieving imail users and domains. Works for me but not widely tested.
http://www.smartbusiness.com/imail/imusrsvr.asp
Runs as a service on your Windows IMAIL machine - communicates with a client over TCP/IP. INI file provides settings to bind to IP and port. Should work for IMAIL registry and ODBC databases. Data is sent compressed and then has to be uncompressed by the client. Program updates its own data every 1 hour if not forced.
Usage: update - forces data to be reloaded from registry and odbc sources
r-a - (same as current Imailusers Utility) r-d - domains r-odbc - odbc domains r-domainalias r-u - users r-alias - user aliases
r-p [EMAIL PROTECTED]:password
(registry passwords are decrypted but odbc passwords are
returned as found so if those are encrypted they will not be
decrypted)[EMAIL PROTECTED] - 1 user, 2 alias, 0 not there
[EMAIL PROTECTED] - 1 domain, 2 alias, 0 not
Page above provides a Windows client program and a Perl client script in addition to the server program. The Perl client uses Tk and hasn't been tested on anything besides Windows. However, should provide an example of how to communicate with the server using Perl over any platform really. Windows program is just a utility for testing really.
If you use this be certain to protect the port - no protection is provided in the program.
Report bugs, errors, comments on the web page please.
Terry Fritts"
Len
_____________________________________________________________________ http://MenAndMice.com/DNS-training : Denver; NYC; San Jose http://IMGate.MEIway.com : free anti-spam gateway, runs on 1000's of sites
To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
