>the script kiddie, so they changed, so we added another one, etc. It
>was interesting that it was from our "own" class A, but not us, we
>are just a subset of a national carrier's allocation here.
He was spoofing his IP address and you haven't blocked IP spoofing at
your border router.
>Before we did that the data template was doing all the rejecting as
>they were spoofing the "smtpfrom" domain to be one of own
And you were openly relaying for "local domains". You were really
wide open. Tough lesson, huh?
The only secure settings are "relay for addresses" and SMTP AUTH for
all senders/relayers on in the "relay for" address blocks.
Your attack would have been totally prevented if you had these settings in
place, but you were wide open. Live and learn.
>A SMTP server has to have a _lot_ of capacity to handle unwanted
>traffic as well as the real stuff.
In addition to the security settings above, it's best not to stick
your production mailbox pretty face right up against the Internet, but to
use an inbound mail hub or two to catch spam, MAPS lookups, DNS
validations, global filtering, so your mailbox server doesn't get
DoS'ed like yours did.
Len
http://BIND8NT.MEIway.com: ISC BIND 8.2.2 p5 installable binary for NT4
http://IMGate.MEIway.com: Build free, hi-perf, anti-spam mail gateways
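
An added example, not part of the original message and not iMS code: it compares a "relay for local domains" decision, which trusts the envelope sender the client supplies, with a "relay for addresses" plus SMTP AUTH decision. It assumes the advice reads as "clients inside a relay-for address block may relay, everyone else must authenticate"; the domains, networks, sessions and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample values (documentation ranges), not from the original post.
LOCAL_DOMAINS = {"example.org"}
RELAY_FOR_NETS = [ipaddress.ip_network("192.0.2.0/24")]


def domain_of(addr):
    """Return the lower-cased domain part of an envelope address."""
    return addr.rsplit("@", 1)[-1].lower()


def relay_by_local_domain(client_ip, mail_from, rcpt_to, authenticated):
    """Weak policy: accept for relay if MAIL FROM claims a local domain."""
    if domain_of(rcpt_to) in LOCAL_DOMAINS:
        return True  # inbound delivery to our own mailboxes
    # MAIL FROM is chosen by the client, so anyone can claim a local domain.
    return domain_of(mail_from) in LOCAL_DOMAINS


def relay_by_address_and_auth(client_ip, mail_from, rcpt_to, authenticated):
    """Stricter policy (assumed reading): listed client address or SMTP AUTH."""
    if domain_of(rcpt_to) in LOCAL_DOMAINS:
        return True  # inbound delivery is not relaying
    ip = ipaddress.ip_address(client_ip)
    in_block = any(ip in net for net in RELAY_FOR_NETS)
    return in_block or authenticated


# Constructed sessions: (client IP, MAIL FROM, RCPT TO, passed SMTP AUTH)
SESSIONS = [
    ("203.0.113.50", "someone@example.org", "victim@example.net", False),   # forged local sender
    ("192.0.2.10", "user@example.org", "friend@example.net", False),        # inside relay-for block
    ("203.0.113.7", "roaming@example.org", "friend@example.net", True),     # outside block, authenticated
    ("198.51.100.9", "stranger@example.net", "user@example.org", False),    # ordinary inbound mail
    ("198.51.100.9", "stranger@example.net", "other@example.com", False),   # third-party relay attempt
]


def compare(sessions):
    """Return (weak_decision, strict_decision) for each session."""
    return [
        (relay_by_local_domain(*s), relay_by_address_and_auth(*s))
        for s in sessions
    ]


if __name__ == "__main__":
    for s, (weak, strict) in zip(SESSIONS, compare(SESSIONS)):
        print(f"{s[0]:<14} {s[1]:<22} -> {s[2]:<20} weak={weak} strict={strict}")
```

Only the first session differs between the two policies: the forged local sender is relayed by the domain-based rule and refused by the address/AUTH rule.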