Cisco Support Community

New Member

SMTP IDS Spam

I have set up the SMTP audit on my C3640, but I still have several spamming IPs and my mail server keeps dropping those e-mail relays.

I added the

ip audit smtp spam 25 and

ip audit name Audit.1 attack action

But still someone spams.

07:47:55: %SEC-6-IPACCESSLOGP: list SEC permitted tcp 216.164.232.13(1541) -> 213.29.68.7(25), 6 packets

Any comments?

3 REPLIES
New Member

Re: SMTP IDS Spam

can't you stop the spam at the mailserver?

Silver

Re: SMTP IDS Spam

This is IDS that is generating the SPAM?

New Member

Re: SMTP IDS Spam

hi,

i am wondering what you are trying to achieve.

with 'ip audit smtp spam 25' you tell the router that the max. number of recipients is 25.

until that limit is reached every mail is accepted and so the log entry is ok.

you can't configure the router for anti-relaying.

(sorry, you can: acl to prevent certain ip-addresses from sending mail to your server, but that's another thing)

the number of recipients is the only indicator for the router to 'assume' a spam attack.

according to the cisco ios documentation:

3106 Mail Spam (Attack, Compound)

Counts number of Rcpt to: lines in a single mail message and alarms after a user-definable maximum has been exceeded (default is 250).

regards

ralf krist
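
The recipient-count check described in the reply above, as an added example that is not part of the thread and not Cisco's implementation. It models the documented behaviour of signature 3106 on a constructed SMTP client command stream; the function names, addresses and session contents are assumptions made for illustration.

```python
def recipient_alarms(client_lines, max_rcpt=250):
    """Return the 1-based index of every message whose RCPT TO count
    exceeds max_rcpt. client_lines holds the client side of one session."""
    alarms = []
    msg_index = 0
    rcpt_count = 0
    in_data = False
    for raw in client_lines:
        line = raw.strip()
        if in_data:
            # Inside the message body: text that looks like a command
            # must not be counted. A lone "." ends the body.
            if line == ".":
                in_data = False
            continue
        verb = line.upper()
        if verb.startswith("MAIL FROM:"):
            msg_index += 1        # a new message starts a new count
            rcpt_count = 0
        elif verb.startswith("RCPT TO:"):
            rcpt_count += 1
            if rcpt_count == max_rcpt + 1:   # "exceeded", so strictly greater
                alarms.append(msg_index)
        elif verb.startswith("RSET"):
            rcpt_count = 0        # transaction aborted, envelope discarded
        elif verb == "DATA":
            in_data = True
    return alarms


def build_session(messages, rcpts_per_message):
    """Constructed sample input: one session carrying several messages."""
    lines = ["EHLO client.example"]
    for _ in range(messages):
        lines.append("MAIL FROM:<sender@example.com>")
        for r in range(rcpts_per_message):
            lines.append(f"RCPT TO:<user{r}@example.net>")
        lines += ["DATA", "Subject: constructed sample", "",
                  "rcpt to: body text, not a command", "."]
    lines.append("QUIT")
    return lines


if __name__ == "__main__":
    # Threshold 25 as in 'ip audit smtp spam 25'.
    print(recipient_alarms(build_session(5, 20), max_rcpt=25))  # no alarm
    print(recipient_alarms(build_session(2, 26), max_rcpt=25))  # both alarm
```

Five messages of 20 recipients each deliver 100 copies without ever crossing a limit of 25, which is why the permit entry in the access-list log is expected; blocking a known sending address is a job for the ACL or the mail server.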
