> I asked about that exact issue. He said that it would be pointless
> to run Black Ice on the backup spoolers because they will accept all
> addresses of a dictionary attack. No errors are reported.
That's only true if you don't make your backup spoolers aware of your
userbase. Best practice
Anyone know of a way to use an external file
to perform a WHITELIST TODOMAIN on more than 200 domains? The manual
mentions using the WHITELISTFILE option in $default$.junkmail, but I assume this
only replaces the need for WHITELIST FROMDOMAIN...which doesn't really
matter since we use a neg
This was discussed earlier. I don't know if these setting work but here is
the discussion.
http://www.mail-archive.com/[EMAIL PROTECTED]/msg06713.html
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.
Warning for anyone thinking of purchasing Logtool. (See Below).
Scott you may want to remove them from your Tools list.
Fred
- Original Message -
From: "Jason Wolfe" <[EMAIL PROTECTED]>
To: "Frederick Samarelli" <[EMAIL PROTECTED]>
Sent: Saturday, January 17, 2004 11:15 PM
Subject: Re: V
Sandy,
I asked about that exact issue. He said that it would be pointless to run
Black Ice on the backup spoolers because they will accept all addresses of a
dictionary attack. No errors are reported. The errors come in when the
backup spooler forwards the messages to the primary server and tho
One problem we've recently had is that a mail server we were trying to send
messages to would die intermittently.. Came to discover there were filters
on their router that when a certain "incident" happened, it blocked
everything from that computer IP for 4 hours.. Maybe this is something
you'd l
> He also had major concerns about backup mail spoolers. He said that
> you have to whitelist your backup spoolers and that will still allow
> the spammer to run their dictionary attacks.
Only if the backups don't run BlackIce. :)
But if _they're_ downselling it, that's interesting.
--Sandy
-
I have no practical solution but you would need something that parses your
SMTP logfile in realtime (like unixtool's tail or the new baretail) and
track occurences of "invalid user" messages. If there are more then X
connection attempts from one single IP in Y minutes causing an invalid user
log e
It's funny but when I do a search for "dictionary" on their site to see how
to configure black ice to guard against dictionary attacks or how it does I
get no results. Can any user of Black Ice point me in the right direction
here??
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAI
I called the Black Ice tech support people today and discussed this issue.
They told me that Black Ice will not stop a dictionary attack that is in
progress, but it would shut the spammer down for a second attempt.
He also had major concerns about backup mail spoolers. He said that you
have to wh
Rick,
I read the "BlackIce" User Guide and various other manuals to see if I want
to pursue this software. Which feature/setting blocks Dictionary SMTP
attacks? I can't seem to find any setting specific to this?
Best Regards
Andy Schmidt
H&M Systems Software, Inc.
600 East Crescent Avenue, Suit
Are there others suggestion for firewall software for the server. Does
Zonealarm have a server version and if so does it work as well as Black Ice.
Jeff Kratka
*
TymeWyse Internet
P.O.Box 84 - 110 Ecklund St., Canyonville, OR 97417
tel/fax: (54
For a firewall, would the regular version of Blackice work ok or is the
Server version needed.
My understanding is that BlackIce Server is the one that is required to
help with dictionary attacks (since it deals with malicious inbound mail
connections, which normally are not a problem with indiv
Server version:
http://blackice.iss.net/product_server_protection.php
~Rick
>
> For a firewall, would the regular version of Blackice work ok
> or is the Server version needed.
>
>
>
___
Virus Scanned and Filtered by http://ww
For a firewall, would the regular version of Blackice work ok or is the
Server version needed.
Jeff Kratka
*
TymeWyse Internet
P.O.Box 84 - 110 Ecklund St., Canyonville, OR 97417
tel/fax: (541) 839-6027 - [EMAIL PROTECTED]
I think I've seen reference to a means before by which one can analyze the
Junkmail logs to see which rules or DNSBL's are being most
effective. However, I can't find it again now. The Junkmail config I
have on our Imail server is working well. I've been asked to config
Symantec Antispam fo
Title: Message
Hi there,
I think I've seen
reference to a means before by which one can analyze the Junkmail logs to see
which rules or DNSBL's are being most effective. However, I can't find it
again now. The Junkmail config I have on our Imail server is working
well. I've been asked
- Original Message -
From: "R. Scott Perry" <[EMAIL PROTECTED]>
> >Haven't seen this warning in the JM logs before:
> >
> >Warning: Could not add warning [in] to
M:\IMail\spool\Dadd51cb000ae39f6.SM$.
> >
> >Is this one of those messages that IMail stole before Declude could
finish
> >proc
"I did happen to talk to DigiHost yesterday and was told that they don't
have any real spam filter, but they do have something in place that prevents
dictionary attacks."
Joe..
Check the archives on the topic of Dictionary attacks.. It has been covered
in detail many times.
One product that peop
I'm glad that I'm not the only one with these problems! Not that I like
having the problem, but I thought there must be some kind of undetectable
Trojan on my system letting the spammers know when I add a domain or user.
Misery like company I guess.
I did happen to talk to DigiHost yesterday and
Haven't seen this warning in the JM logs before:
Warning: Could not add warning [in] to M:\IMail\spool\Dadd51cb000ae39f6.SM$.
Is this one of those messages that IMail stole before Declude could finish
processing it?
That is a really strange one -- I don't believe that I have seen it before,
eit
Haven't seen this warning in the JM logs before:
Warning: Could not add warning [in] to M:\IMail\spool\Dadd51cb000ae39f6.SM$.
Is this one of those messages that IMail stole before Declude could finish
processing it?
Bill
---
[This E-mail was scanned for viruses by Declude Virus (http://www.decl
22 matches
Mail list logo