Hi,
OK it happened again and I have a message. There is no D/Q/T file with
any portion of e01a003e00f4c2a1 in it. Is the details of the hack
attempt listed anywhere? I would like to see what is triggering the >512
byte limit.
07:22 11:41 SMTPD(0000000000000000) [10.0.0.8] connect 64.201.39.3 port
1848
07:22 11:41 SMTPD(e01a003e00f4c2a1) [64.201.39.3] HELO kohler.tap.net
07:22 11:41 SMTPD(e01a003e00f4c2a1) Possible hack attempt from
64.201.39.3, address will be denied future connections until restart
Thanx
Goran Jovanovic
The LAN Shoppe
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:IMail_Forum-
> [EMAIL PROTECTED] On Behalf Of Goran Jovanovic
> Sent: Thursday, July 22, 2004 11:26 AM
> To: [EMAIL PROTECTED]
> Subject: RE: [IMail Forum] Odd SMTP Connect Problem
>
> Yes that Auto deny setting is turned on.
>
> I finally found the possible hack attempt message in the logs (the
> previous day).
>
> Is there a limit on the max SMTP connections from 1 IP address that
> IMAIL will accept? Looks like it might be 12.
>
>
>
> Goran Jovanovic
> The LAN Shoppe
>
>
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:IMail_Forum-
> > [EMAIL PROTECTED] On Behalf Of Eric Shanbrom [Ipswitch]
> > Sent: Thursday, July 22, 2004 10:57 AM
> > To: [EMAIL PROTECTED]
> > Subject: Re: [IMail Forum] Odd SMTP Connect Problem
> >
> > I would be willing to bet that the "Auto deny hack attempts" is
> kicking in
> > here. This will temporarily add their IP address to the access
control
> > list
> > to be denied until the SMTP service is restarted...Check the logs
and
> you
> > will see this in there if this is what's happening
> >
> > Eric S
> >
> > ----- Original Message -----
> > From: "Goran Jovanovic" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Thursday, July 22, 2004 10:47 AM
> > Subject: RE: [IMail Forum] Odd SMTP Connect Problem
> >
> >
> > Yes that is what it looks like. But how/where is IMail blacklisting
> it?
> >
> > Can I change the settings somewhere?
> >
> > Goran Jovanovic
> > The LAN Shoppe
> >
> >
> >
> > > -----Original Message-----
> > > From: [EMAIL PROTECTED] [mailto:IMail_Forum-
> > > [EMAIL PROTECTED] On Behalf Of Travis Rabe
> > > Sent: Thursday, July 22, 2004 10:45 AM
> > > To: [EMAIL PROTECTED]
> > > Subject: RE: [IMail Forum] Odd SMTP Connect Problem
> > >
> > > Sounds like Imail is temporarily blacklisting it. The only way to
> > stop
> > > that
> > > is to restart the SMTP service. You may want to look at the logs
on
> > that
> > > machine to see what is going on.
> > >
> > > Travis
> > >
> > > -----Original Message-----
> > > From: [EMAIL PROTECTED]
> > > [mailto:[EMAIL PROTECTED] Behalf Of Goran
> > Jovanovic
> > > Sent: Thursday, July 22, 2004 7:38 AM
> > > To: [EMAIL PROTECTED]
> > > Subject: [IMail Forum] Odd SMTP Connect Problem
> > >
> > > OK this is very weird.
> > >
> > > I am running IMail 8.10 and am seeing the following. There is a
> > > secondary MX record for one of the domains that I service. Someone
> > seems
> > > to be sending to it directly and so it sends me a lot of mail for
> this
> > > domain (this is not a problem in my mind). The problem is that the
> > SMTP
> > > service stops accepting mail from this (and only this IP address)
at
> > > random times. It can work for hours and then fail and the next
time
> I
> > > restart the service it will work for minutes, completely
> > unpredictable.
> > >
> > > I have done a packet trace at my end and I see:
> > >
> > > Them sending a SYN
> > > I send and ACK
> > > They send an ACK
> > > Then I send a FIN
> > >
> > > So we never get to the banner being sent out or the helo coming
in.
> > > There is nothing in the log even with debug and verbose turned on.
> > >
> > > >From that point on SMTP will not accept a connection from that IP
> > > address. But, it gets better, all other IPs can connect to the
SMTP
> > > server and still get their mail through. If the other ISP uses
> another
> > > machine in the same IP block that machine can connect no problem.
> > >
> > > I have increased the SMTP setting for Delay between recipients to
> 500
> > > milliseconds but this seems to have no effect.
> > >
> > > This is a dedicated machine to IMail.
> > >
> > > Does anyone have any ideas on what this might be and how to fix
it?
> > >
> > > Goran Jovanovic
> > > The LAN Shoppe
> > >
> > >
> > > To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
> > > List Archive:
> > http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
> > > Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
> > >
> > >
> > >
> > > To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
> > > List Archive:
> > http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
> > > Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
> >
> >
> >
> > To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
> > List Archive:
> http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
> > Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
> >
> >
> > To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
> > List Archive:
> http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
> > Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
>
>
>
> To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
> List Archive:
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
> Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
