Sure, but in most cases these days the attempts on [EMAIL PROTECTED],
[EMAIL PROTECTED], and [EMAIL PROTECTED] come from separate IPs.

In that case, a gateway (like Len's IMGate/Postfix solution, or some other
mail server with appropriate blocking capabilities) is the only thing you
can do to stop the onslaught to your main mail server.

Darin.


----- Original Message ----- 
From: "Cycle Rider" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, November 23, 2004 4:43 PM
Subject: RE: [IMail Forum] Dictionary attacks and TCP Probes?


Ted,

Go into the firewall.ini file and add or find the
following lines:

[PARMS]
auto-blocking = enabled, 0, unknown
auto-blocking.timeout = 3600, 9000, unknown

The first line enables auto blocking.  The second line
says to block the IP for 3600 seconds (or 1 hour) then
remove the block.  This is how you would change the
setting from blocking for 24 hours to blocking for 1
hour.

Another instance that might cause some problems for
you is if you have a user who has software that auto
responds to spammers. Sometimes the spammers will have
a "from" address of an account on your server.  E.g.,
let's say a spammer sends 3 spams to
[EMAIL PROTECTED] and bubba is one of your
customers on your server.

The first spam is from [EMAIL PROTECTED]

The second spam is from [EMAIL PROTECTED]

And the third spam from [EMAIL PROTECTED]

Your customer's spam software kicks back (auto
responds) 3 replies to non-existent addresses on your
server.

BlackICE then blocks their IP.  They just cut
themselves off from their own mail server for an hour
depending on how long you have BlackICE set to auto
block.

I had this happen with 1 customer and once they shut
off the auto responses I haven't had a problem since.





> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:IMail_Forum-[EMAIL PROTECTED] On Behalf Of Ted Galerneau
> Sent: Tuesday, November 23, 2004 1:51 PM
> To: [EMAIL PROTECTED]
> Subject: RE: [IMail Forum] Dictionary attacks and TCP Probes?
>
> Cycle Rider,
> This has worked out pretty awesome until we had a client making a legitimate
> mistake where he did a reply to an email where someone had put a name rather
> than an email address. After trying 3 times in rapid succession he was
> blocked for 24 hours.
>
> My question would be what to tweak in order to change the 24 hours to only
> one hour? I feel that this would make dictionary attacks not worthwhile
> while not inadvertently blocking a client for a long time. I am hesitant to
> just experiment or fiddle with it trying to produce the proper result since
> it's live with all of our clients on it.







To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
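
An added example (not from the thread, and not the firewall's or IMail's own logic): it replays constructed SMTP rejection events through a per-IP auto-block like the one discussed, then shows why attempts spread over separate IPs never trip it and need an aggregate check at a gateway. The threshold of 3, the 60-second window, `min_sources`, the function names and all sample events are assumptions; only the 3600-second timeout comes from the thread.

```python
from collections import defaultdict, deque

THRESHOLD = 3         # assumed: rejections per IP before auto-block (thread mentions 3 tries)
BLOCK_SECONDS = 3600  # auto-blocking.timeout value quoted in the thread
WINDOW = 60           # assumed length of "rapid succession", in seconds

# Constructed sample events: (time, source_ip, recipient, recipient_exists)
EVENTS = (
    [(t, "203.0.113.5", f"user{t}@example.com", False) for t in (0, 1, 2, 100, 3700)]
    + [(t, "198.51.100.7", "bob.smith@example.com", False) for t in (10, 15, 20)]  # client typo
    + [(200 + i, f"192.0.2.{i + 1}", f"name{i}@example.com", False) for i in range(6)]
    + [(300, "198.51.100.9", "bubba@example.com", True)]
)

def per_ip_blocks(events):
    """Replay events in time order; return [(ip, blocked_at, expires_at)]."""
    recent = defaultdict(deque)   # ip -> times of recent unknown-recipient rejections
    expires = {}                  # ip -> time the current block lifts
    blocks = []
    for t, ip, _rcpt, exists in sorted(events):
        if expires.get(ip, 0) > t or exists:
            continue              # dropped while blocked, or a valid delivery
        q = recent[ip]
        q.append(t)
        while q[0] <= t - WINDOW: # forget rejections older than the window
            q.popleft()
        if len(q) >= THRESHOLD:
            expires[ip] = t + BLOCK_SECONDS
            blocks.append((ip, t, expires[ip]))
            q.clear()
    return blocks

def distributed_probes(events, blocked_ips, min_sources=5):
    """Return unblocked IPs seen in any WINDOW where at least min_sources
    distinct sources hit unknown recipients (what per-IP counting misses)."""
    misses = sorted((t, ip) for t, ip, _r, exists in events
                    if not exists and ip not in blocked_ips)
    flagged = set()
    for i, (t0, _ip) in enumerate(misses):
        ips = {ip for t, ip in misses[i:] if t < t0 + WINDOW}
        if len(ips) >= min_sources:
            flagged |= ips
    return flagged
```

On the sample data the per-IP rule blocks the single-source prober and the client who retried a bad address three times, while the six one-shot sources are caught only by the aggregate check.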

