----- Original Message ----- From: "Bud Durland" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, June 21, 2004 09:56 Subject: Re: [IMail Forum] Dictionary Attacks and MX Records
> A. Clausen wrote: > > >Having been subjected to weeks of non-stop dictionary attacks, I've now been > >working on something of a solution by scanning the IMail log file for > >rejections and attempting to determine which IPs are nailing us. Part of > >this is doing some DNS lookups, if the overhead isn't too terrible. I know > >right off the bat that I won't accept inbound connections from any server > >without a reverse entry, but was wondering whether it is safe to block hosts > >that do not have MX records? > > > > > > > > I have mixed feelings about not accepting e-mail from machines with no > reverse DNS. I did to until we came under 24 hour dictionary attacks. >Personally, I think that any host that has a legitimate > reason to connect to other mail servers should have reverse DNS properly > configured; it's simply good management. The reality is that many mail > servers don't have reverse DNS. Some admins do this on purpose, > thinking (incorrectly, IMHO) that this shields them from view from the > Internet at large, In any event, you will likely block much legitimate > mail if you block based on not having reverse DNS. > > It is very unsafe to block hosts that do not have MX records -- many > sites have different inbound and outbound SMTP servers. The other possibility is to do use a regular expression algorithm to try to sniff out hosts that look dynamic, though I'm sure there is some legitimate hosts will get nailed. I feel like I'm in a war where collateral damage seems inevitable. What am I supposed to do when some days my small mail server with just 600 addresses is getting pummelled with as many as a million attacks a day? -- A. Clausen [EMAIL PROTECTED] To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
