We have our relay set to require authentication. Unfortunately spammers are still trying to connect and send email through our servers. The system logs a huge number a failed authentication attempts in the SMTP Activity logs. They are just trying to relay with random email accounts on our domain.
I know we can block IP's, but because we are using a load balancer, all the IP's that come in are the same, based on what the load balancer is connecting with.
What's the recommended method here for stopping spammers from even attempting to relay or do we just have to live with it?
Suggestions Blocking Spammers when SMTP is Load Balanced
-
Admin
- Site Admin
- Posts: 1127
- Joined: Mon Jun 10, 2002 6:31 pm
- Location: Melbourne, Victoria, Australia
Re: Suggestions Blocking Spammers when SMTP is Load Balanced
Since the sending IP address is the same, there isn't really an easy way you can prevent the authentication attempt, since there is not much information know about the connection before the auth attempt. What you could do is prevent any authentication on port 25. So only allow authentication attempts on an alternate port. Normally you won't see much of this from spammers.
