Hi,

If you are using FreeBSD, please try to use pf instead of IPFW and take advantage of spamd (http://www.openbsd.org/spamd/). spamd is available in FreeBSD ports. Here are some nice examples for you:

http://www.ualberta.ca/~beck/nycbug06/spamd/
http://www.ualberta.ca/~beck/nycbug06/pf/

Thanks,
Sanjay

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of NeoBlu
Sent: Thursday, April 26, 2007 4:30 PM
To: [email protected]
Subject: [IMGate] Re: Imail POP3 brute force attack

SmarterMail accolades aside and returning to my original question, I think I'm going to test the following:

1. Removing Imail's external interface and only utilizing an internal interface, thus removing Imail from any direct outside/external connections/attacks.
2. Setting up an external FreeBSD box w/IPFW and a POP3 Proxy (I'm going to try using Courier first)
3. Utilizing IPFW to rate limit by the source IP to something reasonable

My thinking is that this would allow legitimate POP3 requests but slow/frustrate brute force attacks. If this works, I would then add an open source webmail solution like Zimbra or RoundCube that utilizes IMAP calls to Imail via the internal network. I've already eliminated Imail's SMTP from public exposure by utilizing my IMGates.

Obviously the proxy would need the external IP address that we use in DNS for our customers for POP3 calls. Diagrammed, it would look something like this:

     |           |               |
  ------- External ------------------------
     |           |               |
   IMGate   POP3_Proxy   WebMail_via_IMAP
     |           |               |
  ------- Internal ------------------------
     |           |               |
     |           |               |
     --------> IMail <-----------

Thoughts? Ideas?

-NB
