> Ted said...
>We run BlackIce here to but our lets the dictionary
attacks attacks just happen. Did you alter something
somewhere to make it stop them?
Yes, open the issuelist.csv file in excel. Find the
line for "Email_Error" and change what is under the
excel column "D" heading to say "IP|RST"
My issuelist.csv file says the following:
2001015 Email_Error 0 IP|RST -1 1
Then go into your blackice.ini file and under the
[settings} section add these lines:
smtp.error.count=3
smtp.error.interval=30
pam.smtp.error.count=3
pam.error.interval=30
The count is the number of bad email address attempts.
The interval is the number of seconds.
If someone trys to send email to us and hits 3
non-existent email addresses within 30 seconds it will
block their IP. That value is low but we are under
constant attack. As I metioned, we have had over
28,000 IPs blocked within just a couple of weeks. My
logs are continually showing these attempts to guess
emaila addresses. Blackice is our ownly defense and
it is superb!
You can control how long their IP remains blocked by
going into the firewall.ini file and adding the
following lines:
[PARMS]
auto-blocking = enabled, 0, unknown
auto-blocking.timeout = 3600, 9000, unknown
The first line enables auto blocking. The second line
says to block the IP for 3600 seconds (or 1 hour) then
remove the block.
__________________________________
Do you Yahoo!?
The all-new My Yahoo! - Get yours free!
http://my.yahoo.com
To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
