>We are having a problem were one of our accounts is constantly being >"tested" to send email through. The password has been changed & now we >have 100's of IP's from all over trying to access this account. I would >ban the IP's but there are too many of them. The log is showing FAILED >authentication [EMAIL PROTECTED] Any built in features to block these >attempts?
If your network setup permits it, block Internet access to Imail port 25, creating a choke point for SMTP non-AUTH traffic elsewhere. Allow Internet access to port 587 where SMTP AUTH is required as the submission port. 587 is more efficient for disconnecting attackers who don't do SMTP AUTH than port 25 mail relay port. Telnet to 587 and see how quickly it disconnects vs telnetting to port 25. This won't stop the DDoS attack, but should allow Imail to handle it more efficiently vs port 25. Here's a couple configs where IMGate is the Internet SMTP relay choke point, and how firewall redirects: http://www.imgate.net/?page_id=83 http://www.imgate.net/?page_id=87 Roamers have nothing to change, since they continue connecting to Imail:25 to submit, but are actually redirected to Imail:587, or they can hit Imail:587 directly. Len __________________________________________ www.IMGate.net IMGate Mail Firewall To Unsubscribe: http://imailserver.com/support/discussion_list/ List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://imailserver.com/support/kb.html
