Cisco Support Community

New Member

Email Attacks

Hi Everybody,

I actually have two problems that are related to hacking issues using email:

- Mail-Relay: my client's SMTP server is being used as an SMTP relay to perform attacks or send SPAM on the Internet. This led to the fact that the client has been black-listed and is having problems using his email.

- Mail-Bomb: our server has received a mail-bomb (or what I thought to be a mail-bomb), since it was flooded by emails from several sources in a continuous way, and the received emails were trying to "reproduce" themselves on the server and get sent to new hosts.

- How can I provide a solution that will prevent these attacks or at least minimize their impact?

- Would a host-based IDS prevent any of these attacks from happening?

- Would you recommend software to be installed on the SMTP server that will protect it from mail-relay and mail-bomb attacks?

Thank you in advance for any assistance.

New Member

Re: Email Attacks

The only way you can prevent yourself from being used as a relay is to properly configure your SMTP server. If you want to prevent email-borne viruses from attacking and/or propagating themselves with your SMTP server, the way to do it is through the use of an email-based anti-virus solution loaded on your server, or passing all traffic through one of the new anti-virus appliances hitting the market now. With the rapid development of worms and their ability to mutate themselves, trying to keep IDS signatures updated rapidly enough would be next to impossible.

My 2 cents.
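
The relay rule that "properly configure your SMTP server" comes down to, as an added example that is not part of the reply above: accept a recipient only if its domain is local, or the client is authenticated or on a trusted network, then audit what the server actually accepted against that rule. The domain, networks, record layout and sample records are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Assumed site policy (constructed values, not from the thread).
LOCAL_DOMAINS = {"example.com"}
TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/24")]

@dataclass
class Rcpt:
    client_ip: str       # connecting client
    authenticated: bool  # client passed SMTP AUTH
    rcpt_to: str         # RCPT TO argument
    accepted: bool       # what the server actually answered

def rcpt_domain(addr):
    """Return the recipient domain, or None for routed forms (user%host@local,
    bang paths, double @) that a relay might forward onward."""
    local, _, domain = addr.strip().strip("<>").rpartition("@")
    if not local or not domain or any(c in local for c in "%!@"):
        return None
    return domain.lower().rstrip(".")

def may_relay(r):
    ip = ipaddress.ip_address(r.client_ip)
    return r.authenticated or any(ip in net for net in TRUSTED_NETS)

def should_accept(r):
    # Mail for local domains is accepted from anyone; everything else is relaying.
    return rcpt_domain(r.rcpt_to) in LOCAL_DOMAINS or may_relay(r)

def open_relay_events(records):
    """Recipients the server accepted although the policy says to reject them."""
    return [r for r in records if r.accepted and not should_accept(r)]

# Constructed sample records (documentation address ranges).
SAMPLE = [
    Rcpt("203.0.113.5", False, "<alice@example.com>", True),    # inbound, local
    Rcpt("192.0.2.10", False, "<bob@example.net>", True),       # trusted client
    Rcpt("198.51.100.7", False, "<carol@example.org>", True),   # open relay
    Rcpt("198.51.100.7", True, "<carol@example.org>", True),    # authenticated
    Rcpt("203.0.113.5", False, "<dave%example.org@example.com>", True),  # routed
    Rcpt("203.0.113.5", False, "<eve@example.org>", False),     # rejected
]

if __name__ == "__main__":
    for r in open_relay_events(SAMPLE):
        print("relayed for untrusted client:", r.client_ip, r.rcpt_to)
```
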