Eric,
Are you also running a hardware firewall to front your Imail Server?
Keith
-----Original Message-----
From: [EMAIL PROTECTED] on behalf of Eric Shanbrom [IPswitch]
Sent: Sat 5/21/2005 1:04 PM
To: [email protected]
Cc:
Subject: Re: [IMail Forum] SMTPD Memory usage
Yes, open the issuelist.csv file in Excel. Find the
line for "Email_Error" and change what is under the
Excel column "D" heading to say "IP|RST"
My issuelist.csv file says the following:
2001015 Email_Error 0 IP|RST -1 1
Then go into your blackice.ini file and under the
[settings] section add these lines:
smtp.error.count=3
smtp.error.interval=30
pam.smtp.error.count=3
pam.error.interval=30
The count is the number of bad email address attempts.
The interval is the number of seconds.
If someone tries to send email to us and hits 3
non-existent email addresses within 30 seconds it will
block their IP. That value is low but we are under
constant attack. As I mentioned, we have had over
28,000 IPs blocked within just a couple of weeks. My
logs are continually showing these attempts to guess
email addresses. Blackice is our only defense and
it is superb!
You can control how long their IP remains blocked by
going into the firewall.ini file and adding the
following lines:
[PARMS]
auto-blocking = enabled, 0, unknown
auto-blocking.timeout = 3600, 9000, unknown
The first line enables auto blocking. The second line
says to block the IP for 3600 seconds (or 1 hour) then
remove the block.
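
The thresholds from the message above (3 invalid recipients within 30 seconds, then a 3600-second block), replayed over log lines as an added example that is not part of the original thread or of BlackICE. The log layout, the addresses and the exact sliding-window semantics are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Thresholds quoted in the message above.
ERROR_COUNT = 3       # smtp.error.count
ERROR_INTERVAL = 30   # smtp.error.interval (seconds)
BLOCK_TIMEOUT = 3600  # auto-blocking.timeout (seconds)

# Constructed sample lines in a hypothetical layout (not IMail's real log format).
SAMPLE_LOG = """\
2005-05-21 13:00:00 198.51.100.20 invalid user info@example.test
2005-05-21 13:00:01 203.0.113.7 invalid user aaron@example.test
2005-05-21 13:00:02 192.0.2.50 delivered bob@example.test
2005-05-21 13:00:05 203.0.113.7 invalid user abby@example.test
2005-05-21 13:00:12 203.0.113.7 invalid user adam@example.test
2005-05-21 13:00:20 192.0.2.1 invalid user sales@example.test
2005-05-21 13:00:21 192.0.2.2 invalid user admin@example.test
2005-05-21 13:00:22 192.0.2.3 invalid user test@example.test
2005-05-21 13:00:40 198.51.100.20 invalid user jobs@example.test
2005-05-21 13:01:20 198.51.100.20 invalid user mail@example.test
2005-05-21 13:10:00 203.0.113.7 invalid user alan@example.test
"""
LINE_RE = re.compile(r"^(\S+ \S+) (\S+) invalid user \S+$")

def simulate(log_text):
    """Return (block events, invalid-user hits per IP) for a log replay."""
    recent = defaultdict(deque)   # ip -> timestamps of recent bad recipients
    blocked_until = {}            # ip -> time the block expires
    events, hits = [], defaultdict(int)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue              # not an invalid-recipient line
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        ip = m.group(2)
        hits[ip] += 1
        if ip in blocked_until and ts < blocked_until[ip]:
            continue              # still blocked: a firewall would drop this
        window = recent[ip]
        window.append(ts)
        # Assumed semantics: only errors from the last ERROR_INTERVAL seconds count.
        while (ts - window[0]).total_seconds() > ERROR_INTERVAL:
            window.popleft()
        if len(window) >= ERROR_COUNT:
            blocked_until[ip] = ts + timedelta(seconds=BLOCK_TIMEOUT)
            events.append((ip, ts, blocked_until[ip]))
            window.clear()
    return events, dict(hits)

if __name__ == "__main__":
    print(simulate(SAMPLE_LOG))
```

In the sample, only the burst from one address trips the rule; the source spaced 40 seconds apart and the three addresses sending one attempt each are counted in the hit totals but never blocked.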
----- Original Message -----
From: "Keith Johnson" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Friday, May 20, 2005 4:08 PM
Subject: RE: [IMail Forum] SMTPD Memory usage
> Dan,
> What scripts were you referring to that were posted here for
> BlackICE? Are you running BI Server?
>
> Keith
>
> -----Original Message-----
> From: [EMAIL PROTECTED] on behalf of Dan Horne
> Sent: Thu 5/19/2005 9:32 AM
> To: [email protected]
> Cc:
> Subject: RE: [IMail Forum] SMTPD Memory usage
>
>
>
> I agree that Ipswitch needs to get cracking on fixing the issue, but if
> you want it to stop NOW then you can use IMGate/postfix or BlackIce
> Server with the configs that were posted to the list some time back.
> Both methods worked great and Imail is now much happier (we eventually
> stuck with postfix gateway). I know many people don't want to have to
> set up a linux/bsd gateway, so BlackIce is an alternative that does
> work. I couldn't wait for Ipswitch to figure out the problem (which
> they still haven't done, I guess).
>
> Postfix on FreeBSD can be set up on a low-end box (ours is 300mhz/190MB
> RAM/10GB HD). We do not use Len's IMGate config, we prefer to let
> Declude/Sniffer do all the spam filtering. It rejects well over 100,000
> dictionary attempts per day (we only actually process less than 20,000
> in Imail, of which close to 80% are flagged as spam). In comparison,
> Imail was needing daily reboots before the gateway was put in, and it is
> running on dual 2.4Ghz/1G RAM/separate mirrored spool, system and
> mailbox drives. It isn't ideal (again, Ipswitch should fix the
> problem), but if you can't wait for Ipswitch, then you need to do one of
> the above or dump Imail.
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Matrosity Tech
> Support
> Sent: Thursday, May 19, 2005 9:01 AM
> To: [email protected]
> Subject: Re: [IMail Forum] SMTPD Memory usage
>
> I'm sure this is contributing to the problem as most of us are under
> dictionary attacks at some point in the day. My concern is that the smtp
> service isn't releasing the memory.
>
> Dan Horne wrote:
>
> >Could this be the result of excessive dictionary attacks? Even with
> >8.2's new feature to protect from these, if the attacks are distributed
> >across many IP addresses it could still bog down your server. When it
> >was happening to us, I didn't check smtpd32's mem usage, but I do know
> >that our server needed a reboot almost daily because it would slow down
> >until it couldn't process any more mail at all. Search your logs for
> >"invalid user" and see how many hits you get. Just a thought.
> >
> >-----Original Message-----
> >From: [EMAIL PROTECTED]
> >[mailto:[EMAIL PROTECTED] On Behalf Of Matrosity
> >Tech Support
> >Sent: Wednesday, May 18, 2005 4:55 PM
> >To: [email protected]
> >Subject: Re: [IMail Forum] SMTPD Memory usage
> >
> >No! good
> >Which version are you running? 8.2 HF1
> >What OS? Win2K SP4
> >What kind of hardware? Dell
> >How long does it run before needing a reboot? not consistent but ram
> >usage grows above 100 MB's in about 2 hrs
> >
> >for 8.2 you should see memory between 6 and 20 mb for smaller installs
> >but it can grow to 60 - 120 mb for a very very active server where many
> >users are sending very large attachments. But the mem usage should
> >drop back down to between 10 and 20 mb during low usage times.
> >
> >memory never drops down
> >
> >BTW, is there a 'nobody' alias on one of your domains? Or do you have a
> >lot of mail going to one mailbox? This could cause temporary spikes in
> >mem usage if that account is receiving mail with a lot of attachments.
> >
> >only on our domain
> >
> >Another issue that I have seen behavior like that in testing 8.2 is the
> >spool drive needing a chkdisk to clean up bad indexes which can be
> >caused by killing a process while it is creating or deleting a file.
> >The issue is that if the service cannot create the spool files the
> >threads will block trying to do that and you will see memory grow, the
> >thread count grow beyond your Max setting (default 60) and the server
> >once all the worker threads are blocked, does not do anything until you
> >kill it. But killing it does not solve the problem, running chkdsk /r
> >does in this case. Defragging is good and should be done often but
> >does not address this particular issue.
> >
> >We're defragging every 4 hours
> >
> >
> >To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
> >List Archive:
> >http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
> >Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
> >
>
