One of the startling discoveries waiting for an organisation that connects its computers
to the Internet is the sheer number of hackers probing for open servers.
They're not out to get you personally; they've no idea who you are.
But they continually scan ranges of IP addresses looking for a response.
By and large they mean no harm; they simply want to hijack your servers and network
bandwidth for their own use.
But there are others who look to exploit flaws in the more popular server software
and infect servers with viruses or simply crash the system.
The attacks are fully automated.
If your server allows them in once, a deluge will follow.
If your server routinely denies access, the probes will fall back to a background level.
Our interest here is in mail servers. The attackers are usually spammers who seek to use your server to deliver their mail. By specifying multiple recipients, a spammer can send one mail message to your server and have your server and your network connection deliver the same item dozens of times. And, by careful manipulation of the mail headers, the mail cannot be traced back to its origin, but it might be traced back to you. It will generate large volumes of traffic on your server and network connection and will probably provoke a response from your ISP.
Because the spammers are not interested in you personally, i.e. they're not trying
to get into your system and read your mail, they can be defeated with basic
security measures.
Simply requiring clients to authenticate themselves to your mail server is sufficient.
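
The relay decision described above, as an added example that is not part of the original article: it walks a constructed SMTP command sequence and shows which recipients an open server would relay to and which a server requiring authentication refuses. The domain names, the session and the 550 reply code are assumptions, and any AUTH command is treated as a successful login for simplicity.

```python
# Added illustration, not code from the original page.
LOCAL_DOMAINS = {"example.org"}   # assumption: domains this server hosts mailboxes for

# Constructed session: one message, several outside recipients, no AUTH.
SPAM_SESSION = [
    "HELO mailer.invalid",
    "MAIL FROM:<offers@spam.invalid>",
    "RCPT TO:<a@victim1.invalid>",
    "RCPT TO:<b@victim2.invalid>",
    "RCPT TO:<staff@example.org>",
    "DATA",
]

def relay_decisions(commands, require_auth=True):
    """Return [(recipient, reply_code)] for every RCPT TO in the session."""
    authenticated = False
    results = []
    for line in commands:
        verb, _, arg = line.strip().partition(" ")
        verb = verb.upper()
        if verb == "AUTH":
            # Simplification: a real server verifies the credentials first.
            authenticated = True
        elif verb == "RCPT" and arg.upper().startswith("TO:"):
            addr = arg[3:].strip().strip("<>")
            domain = addr.rpartition("@")[2].lower()
            if domain in LOCAL_DOMAINS:
                code = 250            # inbound mail for our own users
            elif authenticated or not require_auth:
                code = 250            # accepted for onward delivery (relayed)
            else:
                code = 550            # relaying denied to unauthenticated client
            results.append((addr, code))
    return results

def relayed_count(commands, require_auth=True):
    """Number of non-local recipients the server agreed to deliver to."""
    return sum(1 for addr, code in relay_decisions(commands, require_auth)
               if code == 250 and addr.rpartition("@")[2].lower() not in LOCAL_DOMAINS)

if __name__ == "__main__":
    print("open relay:   ", relay_decisions(SPAM_SESSION, require_auth=False))
    print("auth required:", relay_decisions(SPAM_SESSION, require_auth=True))
```

Mail addressed to the server's own domain is still accepted without authentication, so incoming mail keeps working while relaying to outside addresses is refused.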
Apart from spending loadsa money, what are your options?