Case resolved.
And actually this is a MAJOR drawback to ever using the Max invalid rcpt at the SMTP connection registry fix when you have a secondary MX.
What was happening is that since my Primary MX was closing connection on invalid addresses, all the attacks were reverting to the "friendlier" secondary MX that wasn't closing connections. Add all the closed connections (after 2 invalid) attacks redirected to the secondary MX and the secondary MX trying to resend the undeliverable every 3 hours, failing after 2 invalids, re-queuing, trying again in 3 hours, failing after 2 invalids, re-queuing, etc., etc., etc.
Results: 5000++ emails queued and constantly growing on the secondary MX.
Resolution: Undo the reg fix and let my server be attacked like usual.
Does anyone have some suggestions on how to prevent those dictionary attacks?
I think the solution depends on if you own or manage the secondary/backup MX server or you don't. If it is managed by your ISP, I think it would be ideal to have the secondary MX server disabled while your primary server is up and running. But that secondary MX server should have a proven method of checking the status of your primary server 24/7 and as soon as it notices that your primary is down, then AND ONLY THEN enables your secondary MX server.
I don't have a clue if this method exists and is used widely by ISPs for their clients; I haven't had time to dig into this subject in more depth.
If you operate your own backup MX server, then I think the best scenario is to have 3 computers with Imail installed on them:
1. Main Imail server, primary email server, fully hidden from the outside world.
2. MX gateway with Imail on it, Primary
3. MX gateway with Imail on it, Backup
In this scenario you are protected against overload, AND Main Imail server failure, but you are not protected against problems of power outage at your location or if your Internet connection is down for hours or days.
To have a protection/backup solution for that, you would still need an external MX server off site, but then we are already talking about 4 mail servers altogether, 3 on site, 1 off site, and there comes the question: Who controls the 4th MX gateway? How do they know when to kick that puppy in?
Here I got to the end of the chain of my thoughts; would anyone like to finish it or scrap the whole thing and suggest an ideal solution, if any?
(After all, once you own one license of Imail server, you can install it on more than one server at the same site for MX gateway purposes; they don't even need to be Pentium 4 machines.)
Geza
