SMTP Attack

Notes/Domino 8 Forum

Subject: SMTP Attack

Feedback Type: Problem

Product Area: Domino Server

Technical Area: Security

Platform: Windows 2003 server

Release: 8.0.2

Reproducible: Always

Hi to everybody
I have some issues with my Lotus Domino Server, we have more than a week with many smtp incoming traffic from outside, we block more than 5000 Ip addresses in our firewall but our Domino server is still receiving smtp traffic from some host, so we start blocking some domains and also enable the option VERIFY CONNECTING HOST IN DNS, now the server looks like this
**********This is when the server not resolve the name in the DNS ********
02/15/2010 12:48:07 PM SMTP Server [1218:0020-0924] Connection from [89.17.31.212] rejected for policy reasons. IP address of connecting host not found in reverse DNS lookup.
02/15/2010 12:48:07 PM SMTP Server: 89.17.31.212 connected
02/15/2010 12:48:09 PM SMTP Server: 89.17.31.212 disconnected. 0 message[s] received
**********This is when the domain is blocked in our server configuration **********
02/15/2010 12:58:05 PM SMTP Server [1218:001C-02CC] Connection from 190-97-204-226.ert.com.co rejected for policy reasons. Connecting host is denied in your configuration.
02/15/2010 12:58:05 PM SMTP Server: 190-97-204-226.ert.com.co (190.97.204.226) connected
02/15/2010 12:58:06 PM SMTP Server: 190-97-204-226.ert.com.co (190.97.204.226) disconnected. 0 message[s] received

Our problem here is that we are still receiving a lot of traffic, the external servers are connecting to our server but they dont deliver a message (0 message [s] received), but is supposed that they are not allowed to connect to our server
How we could stop this?
How we can prevent the connections and the intense traffic.

Regards

Feedback number WEBB82PQ9Y created by ~Frank Preniburakoi on 02/15/2010