10-13-2001 09:50 AM - edited 03-08-2019 08:52 PM
I have set up the SMTP audit on my C3640 but I still have several spamming IPs and my mail server keeps dropping those e-mail relays.
I added the
ip audit smtp spam 25 and
ip audit name Audit.1 attack action
But still someone spams.
07:47:55: %SEC-6-IPACCESSLOGP: list SEC permitted tcp 216.164.232.13(1541) -> 213.29.68.7(25), 6 packets
Any comments?
10-22-2001 05:13 AM
can't you stop the spam at the mailserver?
10-22-2001 09:12 AM
This is IDS that is generating the SPAM?
10-27-2001 01:23 PM
hi,
i am wondering what you try to achieve.
with 'ip audit smtp spam 25' you tell the router that the max. number of recipients is 25.
until that limit is reached every mail is accepted and so the log entry is ok.
you can't configure the router for anti-relaying.
(sorry, you can: acl to prevent certain ip-addresses to send mail to your server, but that's another thing)
the number of recipients is the only indicator for the router to 'assume' a spam attack.
according to the cisco ios documentation:
3106 Mail Spam (Attack, Compound)
Counts number of Rcpt to: lines in a single mail message and alarms after a user-definable maximum has been exceeded (default is 250).
regards
ralf krist
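The recipient-count behaviour described in the reply above, as an added example that is not part of the original thread and is not Cisco's implementation: a small Python model that counts RCPT TO: lines per message in a client-side SMTP command stream and flags only messages that exceed the configured maximum. The function names and the sample session are constructed for illustration, and the model assumes the server accepts every recipient.

```python
def rcpt_counts(client_lines):
    """Count RCPT TO: commands per mail transaction in one SMTP session."""
    counts, current, in_data = [], None, False
    for raw in client_lines:
        line = raw.rstrip("\r\n")
        if in_data:
            # Body text is not parsed as commands; a lone "." ends the message.
            if line == ".":
                in_data = False
                counts.append(current)
                current = None
            continue
        verb = line.upper()
        if verb.startswith("MAIL FROM:"):
            current = 0                      # new transaction, counter restarts
        elif verb.startswith("RCPT TO:") and current is not None:
            current += 1
        elif verb == "DATA" and current:     # DATA is only valid with recipients
            in_data = True
        elif verb.startswith("RSET"):
            current = None                   # transaction abandoned
    return counts


def spam_alarms(client_lines, max_rcpt=250):
    """Return (message_number, rcpt_count) for messages exceeding max_rcpt.

    max_rcpt plays the role of the value given to 'ip audit smtp spam';
    250 is the default quoted from the documentation above.
    """
    return [(i, n) for i, n in enumerate(rcpt_counts(client_lines), 1)
            if n > max_rcpt]


def build_message(n_rcpt):
    """Constructed sample transaction with n_rcpt recipients."""
    lines = ["MAIL FROM:<sender@example.net>"]
    lines += [f"RCPT TO:<user{i}@example.com>" for i in range(n_rcpt)]
    # The body contains a look-alike line that must not be counted.
    lines += ["DATA", "Subject: test", "", "RCPT TO:<in-body@example.com>", "."]
    return lines


# Constructed session: three messages with 10, 25 and 26 recipients.
SAMPLE_SESSION = (["EHLO client.example.net"] + build_message(10)
                  + build_message(25) + build_message(26) + ["QUIT"])

if __name__ == "__main__":
    print(rcpt_counts(SAMPLE_SESSION))
    print(spam_alarms(SAMPLE_SESSION, max_rcpt=25))
```

With the limit at 25, only the third message alarms; a sender that keeps each message at or under the limit is never flagged, however many messages it sends.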