Hmmm....looks like you can't have it both ways....can't lock it down to only allow traffic from the barracuda if you want your users to be able to send through it as well.
I would suggest setting up a separate outgoing-only SMTP server that authenticates appropriately, then allow traffic from both it and the barracuda in IMail's SMTP security.

Darin.

----- Original Message -----
From: "Grant Griffith" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, November 24, 2004 9:49 AM
Subject: RE: [Declude.JunkMail] Blocking Dictionary Attacks

The Barracuda Firewall is an incoming only server, not able to use it to send out messages. I still have Declude running on the Imail box to catch anything the Barracuda might miss.

Thanks,
Grant Griffith
EI8HT LEGS, A Division of ETC
(877)483-3393
(812)933-5390

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox
Sent: Wednesday, November 24, 2004 9:45 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] Blocking Dictionary Attacks

Hmmm...are your users trying to send to your Barracuda box, or your IMail server? Seems to me they should be sending to your Barracuda. Obviously by locking the IMail server down, you're not allowing them to send directly to it anymore.

Darin.

----- Original Message -----
From: "Grant Griffith" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, November 24, 2004 9:21 AM
Subject: RE: [Declude.JunkMail] Blocking Dictionary Attacks

I am denying access to all except for the barracuda IP. I did restart the service after making the change. I am running 8.14 if that matters.

Thanks,
Grant Griffith
EI8HT LEGS, A Division of ETC
(877)483-3393
(812)933-5390

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox
Sent: Wednesday, November 24, 2004 9:24 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] Blocking Dictionary Attacks

Are you granting access or denying access? BTW, you will probably need to restart SMTP after changing this.

Darin.

----- Original Message -----
From: "Grant Griffith" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, November 24, 2004 8:21 AM
Subject: RE: [Declude.JunkMail] Blocking Dictionary Attacks

If I set the IP of our Barracuda in there, then no users can send from Outlook regardless if they are using Authentication or not.

Thanks,
Grant Griffith
EI8HT LEGS, A Division of ETC
(877)483-3393
(812)933-5390

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox
Sent: Tuesday, November 23, 2004 9:40 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] Blocking Dictionary Attacks

IMail Administrator, SMTP Service, Security tab, Control Access button.

Darin.

----- Original Message -----
From: "Grant Griffith" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, November 23, 2004 9:14 AM
Subject: RE: [Declude.JunkMail] Blocking Dictionary Attacks

OK, I am going to jump in here as I would like to know how to tell the server to only accept email from the gateway, but also still allow users to send if they authenticate. I know this might be obvious, but I have not found a way to do this.

Thanks,
Grant Griffith
EI8HT LEGS, A Division of ETC
(877)483-3393
(812)933-5390

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox
Sent: Tuesday, November 23, 2004 8:59 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] Blocking Dictionary Attacks

A gateway is the only solution I know of for distributed dictionary attacks. Since the attacks are coming from all over the place, there's no IP to block.

All the gateway does is move the brunt of the attack off of the primary mail server to the gateway server. The gateway server should then become your primary MX record, replacing your existing server, and the "real" primary should be locked down to only receive SMTP traffic from your gateway. That way attackers who cache your MX records won't be able to continue to hit it.

Darin.

----- Original Message -----
From: "Don Schreiner" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, November 23, 2004 5:20 AM
Subject: [Declude.JunkMail] Blocking Dictionary Attacks

Are there any new strategies for blocking dictionary attacks with Declude? Our log files are growing and mostly due to the following stacking up it seems a zillion times over...

ERR MAIL.DOMAIN.NET invalid user

We have used BlackIce for years and helps a lot for those that try X number SMTP fails in X seconds, but does not handle all these invalid user attempts. I searched archives and found good thread back in March this year "How do they do it?" and Scott replied a Declude solution may be possibly forthcoming.

We only handle about 15k messages a day and small shop. Len's IMgate or another Postfix gateway solution I know would be best - but not affordable for us right now installing and managing a separate Linux box. It is difficult for me to keep up-to-date with daily posts, so wondering if any new strategies I might have missed.

Thanks!
-Don

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
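
The thread's point that a per-source "X fails in X seconds" rule does not catch a distributed dictionary attack, shown as an added example that is not part of the original messages. The log layout, addresses and thresholds are constructed for illustration (only the `ERR MAIL.DOMAIN.NET invalid user` fragment appears in the thread); this is not IMail's actual log format.

```python
import re
from collections import defaultdict

# Assumed layout: "HH:MM:SS <client-ip> ERR <host> invalid user <rcpt>".
# Only the "ERR MAIL.DOMAIN.NET invalid user" part comes from the thread.
LINE_RE = re.compile(r"^(\d\d):(\d\d):(\d\d) (\S+) ERR \S+ invalid user (\S+)$")

def build_sample():
    """Constructed log: 12 sources, 2 bad recipients each, all inside 09:00."""
    lines = [f"09:00:{i * 2:02d} 198.51.100.{10 + i % 12} "
             f"ERR MAIL.DOMAIN.NET invalid user guess{i}@domain.net"
             for i in range(24)]
    # One unrelated mistyped address later on, from a different source.
    lines.append("09:05:00 203.0.113.5 ERR MAIL.DOMAIN.NET invalid user jon@domain.net")
    return lines

def parse(lines):
    """Return (seconds_since_midnight, client_ip, recipient) per matching line."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            h, mi, s, ip, rcpt = m.groups()
            events.append((int(h) * 3600 + int(mi) * 60 + int(s), ip, rcpt))
    return events

def per_ip_offenders(events, limit=5, window=60):
    """Per-source rule: IPs with at least `limit` rejects in one window."""
    counts = defaultdict(int)
    for ts, ip, _ in events:
        counts[(ip, ts // window)] += 1
    return {ip for (ip, _), n in counts.items() if n >= limit}

def distributed_windows(events, limit=20, min_sources=5, window=60):
    """Windows where total rejects are high and spread over many sources."""
    hits, sources = defaultdict(int), defaultdict(set)
    for ts, ip, _ in events:
        hits[ts // window] += 1
        sources[ts // window].add(ip)
    return {b * window: (hits[b], len(sources[b])) for b in hits
            if hits[b] >= limit and len(sources[b]) >= min_sources}

if __name__ == "__main__":
    events = parse(build_sample())
    print("per-IP offenders:", per_ip_offenders(events))
    print("distributed windows:", distributed_windows(events))
```

The per-source rule returns nothing for this sample because each address stays under the limit, while the aggregate view flags the 09:00 window; that aggregate count is a signal for alerting or for moving the load to a gateway, not an IP list to block.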
