RE: [IMail Forum] SMTP Exploit Scanning Going on NOW - will ASSP protect Imail?

2006-10-26 Thread Jason Loven
Well if you have ASSP set up for delaying it will likely kick the
connection anyway. It's doubtful these scanners are repeatedly trying
the same host over and over. 

-Jason


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Doug Traylor
Sent: Thursday, October 26, 2006 3:55 PM
To: Imail_Forum@list.ipswitch.com
Cc: assp user list
Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW - will
ASSP protect Imail?

> Here's one...
> Using ASSP, should be safe right?

Not necessarily.  That's something I have asked on the ASSP mailing list.
ASSP is not a gateway but rather, a proxy so it does eventually pass
recipient and data information to the SMTP server.  If that happens to be
Imail and you don't have ASSP configured correctly, Imail could still be
compromised I believe.  Since this exploit is using the rcpt command and
since ASSP can do recipient validation by both LDAP and flat file, and can
be configured to block relaying, I think it will block this exploit if
configured to do so as it does this validation before sending to the mail
server.  Also ASSP can be configured to delay new unknown connections which
could frustrate exploitation and it has completely stopped receipt of virus
laden emails from infected computers at our site.  We still get the rare
bounce from "legitimate" email servers that get caught by our AV gateway and
attachment type blocker.

My question is if the exploit source IP# is allowed through by ASSP and has
already given the malicious rcpt command to ASSP, does the exploit source
resend the malicious rcpt command that is then answered by Imail, or does
ASSP forward the rcpt command to Imail or would ASSP just reject it as
invalid?

So the answer is, it depends on your configuration.  I believe using the
latest version of ASSP (1.2.5) set up to use all the anti spam and
connection based protection capabilities will protect Imail from this
exploit.

Doug Traylor


To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/


Re: [IMail Forum] SMTP Exploit Scanning Going on NOW - will ASSP protect Imail?

2006-10-26 Thread Doug Traylor

> Here's one...
> Using ASSP, should be safe right?


Not necessarily.  That's something I have asked on the ASSP mailing list. 
ASSP is not a gateway but rather, a proxy so it does eventually pass 
recipient and data information to the SMTP server.  If that happens to be 
Imail and you don't have ASSP configured correctly, Imail could still be 
compromised I believe.  Since this exploit is using the rcpt command and 
since ASSP can do recipient validation by both LDAP and flat file, and can 
be configured to block relaying, I think it will block this exploit if 
configured to do so as it does this validation before sending to the mail 
server.  Also ASSP can be configured to delay new unknown connections which 
could frustrate exploitation and it has completely stopped receipt of virus 
laden emails from infected computers at our site.  We still get the rare 
bounce from "legitimate" email servers that get caught by our AV gateway and 
attachment type blocker.


My question is if the exploit source IP# is allowed through by ASSP and has 
already given the malicious rcpt command to ASSP, does the exploit source 
resend the malicious rcpt command that is then answered by Imail, or does 
ASSP forward the rcpt command to Imail or would ASSP just reject it as 
invalid?


So the answer is, it depends on your configuration.  I believe using the 
latest version of ASSP (1.2.5) set up to use all the anti spam and 
connection based protection capabilities will protect Imail from this 
exploit.


Doug Traylor
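
The message above turns on whether a filtering proxy answers a bad RCPT itself or passes it to the backend server. The sketch below is an added example, not part of the original post and not ASSP's code: it shows a proxy-side check that forwards only a re-serialized RCPT command after flat-file recipient validation and a relay check, and goes beyond the post by adding generic syntax and line-length checks. The function name, sample addresses and domain list are assumptions.

```python
import re

# Constructed sample data standing in for a flat-file recipient list.
VALID_RECIPIENTS = {"alice@example.com", "postmaster@example.com"}
LOCAL_DOMAINS = {"example.com"}
MAX_LINE = 512  # RFC 5321 command line limit in octets, CRLF included

# Deliberately strict: one address in angle brackets, no source routes,
# no quoted local parts, no ESMTP parameters.
RCPT_RE = re.compile(
    r"RCPT TO:\s?<([A-Za-z0-9._%+-]{1,64})@([A-Za-z0-9.-]{1,255})>",
    re.IGNORECASE,
)

def filter_rcpt(line: bytes):
    """Return (forward, payload) for one client line (hypothetical helper).

    forward=True:  payload is the canonical command to send to the backend.
    forward=False: payload is the reply the proxy sends; the backend never
                   sees the client's bytes.
    """
    if len(line) > MAX_LINE or not line.endswith(b"\r\n"):
        return False, b"500 5.5.2 Line too long or not CRLF terminated\r\n"
    try:
        text = line[:-2].decode("ascii")
    except UnicodeDecodeError:
        return False, b"501 5.5.2 Non-ASCII data in command\r\n"
    # fullmatch rejects embedded CR/LF and any trailing bytes.
    m = RCPT_RE.fullmatch(text)
    if not m:
        return False, b"501 5.1.3 Bad recipient address syntax\r\n"
    local, domain = m.group(1), m.group(2).lower()
    if domain not in LOCAL_DOMAINS:
        return False, b"550 5.7.1 Relaying denied\r\n"
    if f"{local.lower()}@{domain}" not in VALID_RECIPIENTS:
        return False, b"550 5.1.1 User unknown\r\n"
    # Rebuild the command from parsed fields instead of relaying raw input.
    return True, f"RCPT TO:<{local}@{domain}>\r\n".encode("ascii")

if __name__ == "__main__":
    for sample in (b"RCPT TO:<alice@example.com>\r\n",
                   b"RCPT TO:<nobody@example.com>\r\n",
                   b"RCPT TO:<bob@elsewhere.test>\r\n"):
        print(sample, "->", filter_rcpt(sample))
```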

