I'll run this up the wire and get a discussion on it from management. In the meantime, I've been greping the logs and finding the most obvious offenders and will block them. Just for example this is the last one in my list of 50 worst offenders :0
They tried 4034 times to auth as a particular user 4034 24.158.70.52 -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Len Conrad Sent: Thursday, September 11, 2008 5:20 PM To: [email protected] Subject: Re: [IMail Forum] Failed Authentication >We are having a problem were one of our accounts is constantly being >"tested" to send email through. The password has been changed & now we >have 100's of IP's from all over trying to access this account. I would >ban the IP's but there are too many of them. The log is showing FAILED >authentication [EMAIL PROTECTED] Any built in features to block these >attempts? If your network setup permits it, block Internet access to Imail port 25, creating a choke point for SMTP non-AUTH traffic elsewhere. Allow Internet access to port 587 where SMTP AUTH is required as the submission port. 587 is more efficient for disconnecting attackers who don't do SMTP AUTH than port 25 mail relay port. Telnet to 587 and see how quickly it disconnects vs telnetting to port 25. This won't stop the DDoS attack, but should allow Imail to handle it more efficiently vs port 25. Here's a couple configs where IMGate is the Internet SMTP relay choke point, and how firewall redirects: http://www.imgate.net/?page_id=83 http://www.imgate.net/?page_id=87 Roamers have nothing to change, since they continue connecting to Imail:25 to submit, but are actually redirected to Imail:587, or they can hit Imail:587 directly. Len __________________________________________ www.IMGate.net IMGate Mail Firewall To Unsubscribe: http://imailserver.com/support/discussion_list/ List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://imailserver.com/support/kb.html -- [This E-mail scanned for viruses by SolidSpace Anti Virus Service] To Unsubscribe: http://imailserver.com/support/discussion_list/ List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://imailserver.com/support/kb.html
