Yes, open the issuelist.csv file in Excel. Find the
line for "Email_Error" and change what is under the
Excel column "D" heading to say "IP|RST".

My issuelist.csv file says the following:

2001015 Email_Error 0 IP|RST -1 1


Then go into your blackice.ini file and under the
[settings] section add these lines:

smtp.error.count=3
smtp.error.interval=30
pam.smtp.error.count=3
pam.error.interval=30



The count is the number of bad email address attempts.

The interval is the number of seconds.

If someone tries to send email to us and hits 3
non-existent email addresses within 30 seconds it will
block their IP.  That value is low but we are under
constant attack.  As I mentioned, we have had over
28,000 IPs blocked within just a couple of weeks.  My
logs are continually showing these attempts to guess
email addresses.  Blackice is our only defense and
it is superb!

You can control how long their IP remains blocked by
going into the firewall.ini file and adding the
following lines:

[PARMS]
auto-blocking = enabled, 0, unknown
auto-blocking.timeout = 3600, 9000, unknown


The first line enables auto blocking.  The second line
says to block the IP for 3600 seconds (or 1 hour) then
remove the block.
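Added example, not part of the original message and not BlackICE code: a Python replay of the rule described above (3 rejected recipients within 30 seconds blocks the IP for 3600 seconds) over mail log lines, useful for checking how many sources a given threshold would block before enabling it. The log layout, the sample lines and the sliding-window interpretation of the thresholds are assumptions made for this example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

ERROR_COUNT = 3        # mirrors smtp.error.count
ERROR_INTERVAL = 30    # seconds, mirrors smtp.error.interval
BLOCK_TIMEOUT = 3600   # seconds, mirrors auto-blocking.timeout

# Constructed sample lines. The layout (date, time, client IP, message) is an
# assumption for this example, not the IMail or BlackICE log format.
SAMPLE_LOG = """\
2005-05-20 16:00:00 203.0.113.7 invalid user alice@example.com
2005-05-20 16:00:05 198.51.100.9 invalid user bob@example.com
2005-05-20 16:00:10 203.0.113.7 invalid user carol@example.com
2005-05-20 16:00:20 203.0.113.7 invalid user dave@example.com
2005-05-20 16:00:25 203.0.113.7 invalid user erin@example.com
2005-05-20 16:00:50 198.51.100.9 invalid user frank@example.com
2005-05-20 16:01:30 198.51.100.9 invalid user grace@example.com
2005-05-20 17:00:21 203.0.113.7 invalid user heidi@example.com
"""

def find_blocks(log_text, count=ERROR_COUNT, interval=ERROR_INTERVAL,
                timeout=BLOCK_TIMEOUT):
    """Return [(ip, blocked_at, unblocked_at)] for each block the rule triggers."""
    recent = defaultdict(deque)   # ip -> timestamps of recent rejections
    blocked_until = {}            # ip -> time the current block expires
    blocks = []
    for line in log_text.splitlines():
        if "invalid user" not in line:
            continue
        date, time, ip = line.split()[:3]
        ts = datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M:%S")
        if ip in blocked_until and ts < blocked_until[ip]:
            continue              # still blocked: this attempt never reaches SMTP
        window = recent[ip]
        window.append(ts)
        # Drop rejections that fell out of the sliding interval.
        while (ts - window[0]).total_seconds() > interval:
            window.popleft()
        if len(window) >= count:
            until = ts + timedelta(seconds=timeout)
            blocked_until[ip] = until
            blocks.append((ip, ts, until))
            window.clear()        # start counting afresh once the block expires
    return blocks
```

In the sample, the slower source at 198.51.100.9 never reaches 3 rejections inside any 30-second window, so it is not blocked by the settings from the message.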

----- Original Message -----
From: "Keith Johnson" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Friday, May 20, 2005 4:08 PM
Subject: RE: [IMail Forum] SMTPD Memory usage


Dan,
What scripts were you referring to that were posted here for BlackICE? Are you running BI Server?

Keith

-----Original Message-----
From: [EMAIL PROTECTED] on behalf of Dan Horne
Sent: Thu 5/19/2005 9:32 AM
To: [email protected]
Cc:
Subject: RE: [IMail Forum] SMTPD Memory usage



I agree that Ipswitch needs to get cracking on fixing the issue, but if
you want it to stop NOW then you can use IMGate/postfix or BlackIce
Server with the configs that were posted to the list some time back.
Both methods worked great and Imail is now much happier (we eventually
stuck with postfix gateway).  I know many people don't want to have to
set up a linux/bsd gateway, so BlackIce is an alternative that does
work.  I couldn't wait for Ipswitch to figure out the problem (which
they still haven't done, I guess).

Postfix on FreeBSD can be set up on a low-end box (ours is 300mhz/190MB
RAM/10GB HD).  We do not use Len's IMGate config, we prefer to let
Declude/Sniffer do all the spam filtering.  It rejects well over 100,000
dictionary attempts per day (we only actually process less than 20,000
in Imail, of which close to 80% are flagged as spam).  In comparison,
Imail was needing daily reboots before the gateway was put in, and it is
running on dual 2.4Ghz/1G RAM/separate mirrored spool, system and
mailbox drives.  It isn't ideal (again, Ipswitch should fix the
problem), but if you can't wait for Ipswitch, then you need to do one of
the above or dump Imail.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matrosity Tech Support
Sent: Thursday, May 19, 2005 9:01 AM
To: [email protected]
Subject: Re: [IMail Forum] SMTPD Memory usage

I'm sure this is contributing to the problem as most of us are under
dictionary attacks at some point in the day. My concern is that the smtp
service isn't releasing the memory.

Dan Horne wrote:

>Could this be the result of excessive dictionary attacks?  Even with
>8.2's new feature to protect from these, if the attacks are distributed
>across many IP addresses it could still bog down your server.  When it
>was happening to us, I didn't check smtpd32's mem usage, but I do know
>that our server needed a reboot almost daily because it would slow down
>until it couldn't process any more mail at all.  Search your logs for
>"invalid user" and see how many hits you get.  Just a thought.
>
>-----Original Message-----
>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matrosity Tech Support
>Sent: Wednesday, May 18, 2005 4:55 PM
>To: [email protected]
>Subject: Re: [IMail Forum] SMTPD Memory usage
>
>No!  good
>Which version are you running? 8.2 HF1
>What OS?  Win2K SP4
>What kind of hardware? Dell
>How long does it run before needing a reboot? not consistent but ram
>usage grows above 100 MB's in about 2 hrs
>
>for 8.2 you should see memory between 6 and 20 mb for smaller installs
>but it can grow to 60 - 120 mb for a very very active server where many
>users are sending very large attachments.  But the mem usage should
>drop back down to between 10 and 20 mb during low usage times.
>
>memory never drops down
>
>BTW, is there a 'nobody' alias on one of your domains? Or do you have a
>lot of mail going to one mailbox?  This could cause temporary spikes in
>mem usage if that account is receiving mail with a lot of attachments.
>
>only on our domain
>
>Another issue that I have seen behavior like that in testing 8.2 is the
>spool drive needing a chkdisk to clean up bad indexes which can be
>caused by killing a process while it is creating or deleting a file.
>The issue is that if the service cannot create the spool files the
>threads will block trying to do that and you will see memory grow, the
>thread count grow beyond your Max setting (default 60) and the server
>once all the worker threads are blocked, does not do anything until you
>kill it.  But killing it does not solve the problem, running chkdsk /r
>does in this case.  Defragging is good and should be done often but
>does not address this particular issue.
>
>We're defragging every 4 hours
>
>
>To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
>List Archive:
>http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
>Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
>