[Mimedefang] Dictionary attacks, NDRs etc..
David F. Skoll
dfs at roaringpenguin.com
Fri Dec 5 14:31:34 EST 2003
On Fri, 5 Dec 2003 Matthew.van.Eerde at hbinc.com wrote:
> Here's an idea - detect dictionary attacks and return 550's for *every*
> email address once an attack has been detected.
I think it would be much better to return "200 OK" for every e-mail
address, even though you have no intention of actually accepting the
e-mail. That way, the dictionary harvester thinks he (or she) has
hit the motherlode! :-)
Actually, to make it more realistic, you'd want to issue a 550 code
with probability 0.95, and a 200 code with probability 0.05. That's
enough to keep the harvester encouraged and fill his harvest with
junk, but not so positive that he suspects he's being tricked.
Unfortunately, the Milter interface does not let you convert a 500 code
into a 200 code for a nonexistent local user, so you can only play this
trick if your MD box relays all mail elsewhere.
Regards,
David.
More information about the MIMEDefang
mailing list