On your gateway, it is always a good thing to ban incoming traffic:
- from and to 0.0.0.0
- from and to private IPs (10.0.0.0, 192.168.0.0, 172.16. ...)
- from your own IPs
- to any IP that is not yours
It's a good idea, but not really that necessary. Why? It's nearly impossible to spoof an IP with TCP stacks these days. UDP packets, on the other hand, can easily be forged. But while you can block private/reserved/etc. IP ranges, if someone is going to send spoofed packets, they can just send them from real IPs (which works better for them, as it throws you off their trail). Then, an IDS would have a harder time identifying the bad packets.
I'm seeing the following entries in my IMail log:
09:05 13:02 SMTPD(54b901be00e843e8) [0.0.0.0] connect 206.114.180.92 port 58630
It looks like someone is trying to spoof IP 0.0.0.0?
No; that just means that IMail is listening on port 0.0.0.0 ("INADDR_ANY", indicating that it is listening on whatever IP(s) the TCP/IP stack assigns it). Didn't you wonder what the 206.114.180.92 IP was? :)
-Scott
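
The following is an added example, not part of the thread and not IMail or Declude code: it separates the local bind address from the remote peer in connect lines like the one quoted above, then applies the source-address checks from the first message to the peer. The field layout is an assumption inferred from that single log line, `OWN_NETS` and the last two sample lines are constructed, and the "to any IP that is not yours" rule is left out because the log line does not carry the packet's destination address.

```python
import ipaddress
import re

# Assumed layout, inferred only from the one log line quoted in the thread:
#   <date> <time> SMTPD(<session>) [<local bind IP>] connect <remote IP> port <remote port>
LINE_RE = re.compile(
    r"SMTPD\((?P<session>[0-9a-f]+)\)\s+\[(?P<local>[\d.]+)\]\s+"
    r"connect\s+(?P<remote>[\d.]+)\s+port\s+(?P<port>\d+)"
)
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Constructed stand-in for "your own IPs" (a documentation range).
OWN_NETS = [ipaddress.ip_network("203.0.113.0/24")]

SAMPLE_LINES = [
    # Line from the thread:
    "09:05 13:02 SMTPD(54b901be00e843e8) [0.0.0.0] connect 206.114.180.92 port 58630",
    # Constructed lines:
    "09:05 13:03 SMTPD(54b901be00e843e9) [0.0.0.0] connect 10.1.2.3 port 40000",
    "09:05 13:04 SMTPD(54b901be00e843ea) [0.0.0.0] connect 203.0.113.7 port 40001",
]

def parse_connect(line):
    """Return the local bind address and the remote peer, or None if no match."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    return {"session": m["session"],
            "local": ipaddress.ip_address(m["local"]),    # socket bind address
            "remote": ipaddress.ip_address(m["remote"]),  # the connecting client
            "port": int(m["port"])}

def ingress_verdict(src, own_nets=OWN_NETS):
    """Source checks from the first message, for a packet arriving from outside."""
    if src.is_unspecified:
        return "drop: source 0.0.0.0"
    if any(src in net for net in PRIVATE_NETS):
        return "drop: private source"
    if any(src in net for net in own_nets):
        return "drop: own address arriving from outside"
    return "allow"

def audit(lines, own_nets=OWN_NETS):
    """Map each parsable connect line to (remote peer, verdict)."""
    parsed = (parse_connect(line) for line in lines)
    return [(str(p["remote"]), ingress_verdict(p["remote"], own_nets))
            for p in parsed if p is not None]

if __name__ == "__main__":
    for remote, verdict in audit(SAMPLE_LINES):
        print(f"{remote:>16}  {verdict}")
```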
