|
Home > Archive > IIS and SMTP > May 2004 > SMTP IPSecurity
| Stephany 2004-05-04, 8:35 pm |
| I have operating, quite happily, a number of SMTP event sinks using the
SMTPInCommand and ISMTPOnArrival interfaces.
The object is to stop the result of the spate of domain spoofing that is
currently doing the rounds.
The sinks, as well as other things, gather various information for analysis
purposes.
One of the patterns that has been identified is that a 'spam' source, as a
result of a rejected connection, will try to reconnect a substantial number
of times at a higher frequency than could be expected from a bona fide mail
server.
I have seen as many as 5000 attempts per hour over an extended time frame,
which of course, puts a load on the SMTP server to process the connection to
the point where it can reject it with a 550 (the RCPT event).
Once the 'nasty' source IP Address has been identified it can be entered
into the SMTP IPSecurity deny list so that the SMTP server will not accept a
connection from it.
What I would like to do is programmatically add the address to the deny list,
but have not been able to figure out how to do this.
The machine in question is running Windows 2000 Server (SP4) with Exchange
Server 2000 (SP3) and the dev. tools of choice are C# or VB.NET (VS 2003).
Can anyone provide a code fragment that will point me in the right
direction?
| |
| Ralf Ziller 2004-05-11, 5:42 pm |
|
"Stephany" <nospam@localhost> schrieb im Newsbeitrag
news:Od$6xjjMEHA.2716@tk2msftngp13.phx.gbl...
> What I would like to do is programmatically add the address to the deny
> list,
> but have not been able to figure out how to do this.
>
> The machine in question is running Windows 2000 Server (SP4) with Exchange
> Server 2000 (SP3) and the dev. tools of choice are C# or VB.NET (VS 2003).
>
> Can anyone provide a code fragment that will point me in the right
> direction?
The following C#-code uses System.Management, System.DirectoryServices and
System.Reflection:

    DirectoryEntry SMTPServer = new DirectoryEntry("IIS://localhost/SMTPSVC/1");
    SMTPServer.RefreshCache();
    object oIPSecurity = SMTPServer.Invoke("Get", new string[]{"IPSecurity"});
    Type t = oIPSecurity.GetType();
    //Get the list of denied IPs
    Array IPs = (Array)t.InvokeMember("IPDeny",
        BindingFlags.GetProperty, null, oIPSecurity, null);
    //create a new Array of IPs
    object[] newIPs = new object[IPs.Length+1];
    //copy the existing IPs to the new Array
    IPs.CopyTo(newIPs,0);
    //add a new value
    newIPs.SetValue("192.168.0.21",IPs.Length);
    //Set the new IPlist
    t.InvokeMember("IPDeny",
        BindingFlags.SetProperty, null, oIPSecurity, new object[]{newIPs});
    SMTPServer.Invoke("Put", new object[]{"IPSecurity", oIPSecurity});
    SMTPServer.CommitChanges();
| |
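An added example, not part of the thread and not Ralf's code: the same IPSecurity update wrapped so that an event sink can call it repeatedly for a noisy source without growing the deny list with duplicates or accepting malformed input. The class and method names are hypothetical, and it assumes .NET Framework 2.0 or later (for IPAddress.TryParse) and that existing entries may read back in "address, mask" form.

```csharp
using System;
using System.DirectoryServices;
using System.Net;
using System.Net.Sockets;
using System.Reflection;

public static class SmtpDenyList   // hypothetical helper name
{
    const string ServerPath = "IIS://localhost/SMTPSVC/1";   // path from the reply above
    const BindingFlags GetProp = BindingFlags.GetProperty, SetProp = BindingFlags.SetProperty;

    // Returns true if ip was added, false if it was already on the deny list.
    public static bool Add(string ip)
    {
        // Accept only canonical dotted-quad IPv4: TryParse alone also accepts
        // shorthand such as "1", which it reads as 0.0.0.1.
        IPAddress parsed;
        if (!IPAddress.TryParse(ip, out parsed)
            || parsed.AddressFamily != AddressFamily.InterNetwork
            || parsed.ToString() != ip || IPAddress.IsLoopback(parsed))
            throw new ArgumentException("Not a blockable IPv4 address: " + ip);

        using (DirectoryEntry server = new DirectoryEntry(ServerPath))
        {
            server.RefreshCache();
            object sec = server.Invoke("Get", new object[] { "IPSecurity" });
            Type t = sec.GetType();

            // IPDeny is only consulted when access is granted by default.
            if (!(bool)t.InvokeMember("GrantByDefault", GetProp, null, sec, null))
                throw new InvalidOperationException("GrantByDefault is false; IPDeny is not in effect.");

            Array current = (Array)t.InvokeMember("IPDeny", GetProp, null, sec, null);
            foreach (object entry in current)
            {
                // Assumption: entries can read back as "address, mask".
                if (entry.ToString().Split(',')[0].Trim() == ip) return false;
            }

            object[] updated = new object[current.Length + 1];
            current.CopyTo(updated, 0);
            updated[current.Length] = ip;
            t.InvokeMember("IPDeny", SetProp, null, sec, new object[] { updated });
            server.Invoke("Put", new object[] { "IPSecurity", sec });
            server.CommitChanges();
            return true;
        }
    }
}
```

The process calling this needs rights to write the IIS metabase, so an event sink would normally hand the address to a separate, suitably privileged component rather than run with those rights itself.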
| Stephany 2004-05-11, 11:36 pm |
| Thank you very much Ralf. That works a treat.
Addresses added via this mechanism certainly appear in the IIS Metabase and
the SMTP server blocks them, but they do not appear when viewed via the SMTP
properties interface in Exchange System Manager.
Can anyone throw any light on why this should be?