Software602 Home . products . download . support . register . how to buy . . view cart . . . contact us . . . .
Software602 Home . . . . . .
. .
.
.
Software602 Login
E-mail:
Password:
forgot?
.
Support Home .
.
User Forum .
.
Knowledge Base .
.
Submit Ticket .
.
View My Tickets .
.
. .
.
602LAN SUITE 2004 User Forumforum home | rss | search | terms of use
BackBack to 602LAN SUITE 2004 Forum
Add New TopicAdd New Topic
Post ReplyPost Reply
Non-Stop SMTP attacks
  Posted by  Rick Armstrong  on Wednesday, August 18, 2004 at 11:40:38 AM (EST)
Hello,

We are currently experiencing occurrences where a particular external computer outside our network is attempting to send e-mails through our server using spoofed addresses.

I would guess this a result of the remote computer having a virus on their computer. The messages are blocked, but the server still goes through the process of responding, and logging each attempt.

Is there a way to deny their IP outright so that any further attempts are ignored?

If we could find the source, they could remove the virus, but without knowing the source our options are limited.
  Posted by Robert Smith  on Thursday, August 19, 2004 at 10:15:50 AM (EST)
There really is no way to block this except to block it at the firewall or an IP filter rule. You could create a rule to deny access to port 25 from the particular IP address.

The firewall would deny access to port 25 from that specific address, and the IP filter would reject the ability to relay mail from that address. In the IP filter's case, you would see the connection in the log file but it would be rejected. In the case of the firewall rule, you wouldn't even see the connection.

The only downside to this is you could end up with hundreds of addresses in your IP filter/firewall rules because spammers tend to use a lot of different servers when sending their garbage out. Additionally, you may end up blocking a legitimate server that is just an open relay at the moment..so you should take these things into consideration before blocking the servers.

If it were me, I'd probably go with the firewall rules. You can use the instructions provided on the Feb. 2004 Tips and tricks (second part of the tip):

http://www.software602.com/products/ls/tips/archive/feb2004.html

Just edit the "SMTP connection to this computer" rule instead of the "WWW" rule, and make sure you use port 25 instead of 80..
BackBack to 602LAN SUITE 2004 Forum
Add New TopicAdd New Topic
Post ReplyPost Reply
.
. . .
.
  © 2009 Software602, Inc. All rights reserved.