Dictionary attacks often come from dynamically assigned IP addresses from DSL and or DUN users. If one person gets blocked on one of those dynamic IP addresses and keeps grabbing a new one and getting blocked, and you have valid users that draw the same IP, they will be blocked. This alone is a good reason to only auto block for shorter time periods.
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Cycle Rider Sent: Sunday, November 28, 2004 10:46 PM To: [EMAIL PROTECTED] Subject: RE: [IMail Forum] Dictionary attacks Jason, Something is wrong with your config. I think of an autoblock as something that is temporary and short term. A block for no more than an hour or so, for example. It sounds like BI wasn't removing the entries automatically after a specified interval. I keep my interval at 1 hour because it is enough to hamper the spammers but not so long as to potentially block a valid emailer. There is no way I'd ever have 50,000 IPs in my list after 1 hour. ================================================== I've been running for a while with BI set to auto block for 3 months these harvest attempts. At first it seemed to be a blessing, but after the firewall.ini file grew to over 50,000 IP addresses (and by that nature 50,000 lines of blocks), BI begain killing our mail servers performance. Processor utilization went from bouncing back and forth between 1 and 40 percent(large mail), it stayed at 100% and mail transfer suffered greatly. I just cut out 90% of the blocks in the ini file, and utilization went back to normal. Seems that BI doesn't cache this information which is very bad. It would be much better if it would keep the file in memory until the file needs updating, then do a write/cache update and keep trucking.....Time to go back to the drawing board.... Regards, Jason __________________________________ Do you Yahoo!? The all-new My Yahoo! - What will yours do? http://my.yahoo.com To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
