[Mimedefang] [OT] Advice for RFC1123 5.2.9
David F. Skoll
dfs at roaringpenguin.com
Wed Jun 25 09:34:00 EDT 2003
On Tue, 24 Jun 2003, Michael C. Hanson wrote:
> First, I realize that RFC1123 5.2.9 requires the acceptance of from "<>"
> With that said, I'm looking for advice on how to handle the following:
[Dictionary attack from <>]
The sender "<>" should never issue more than one RCPT command per
message. (OK, this is not completely true -- aliases and mailing lists
can complicate things, but it's almost always true.)

Therefore, I believe it's kosher to terminate the connection if <>
issues two RCPT commands for a given message, and possibly firewall off
the host for 15-30 minutes.

In MIMEDefang, you can detect more than one RCPT command in filter_recipient
by comparing $recipient to $first. If they're different, then this is not
the first RCPT command.

Unfortunately, Milter has no way to tell Sendmail to terminate a connection.
You'd have to write Perl code to firewall off the machine or edit your
access file, as you mentioned.
Regards,
David.
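
The check described in this reply, sketched as an added example (not code from the original post or from the MIMEDefang distribution): a filter_recipient that refuses any RCPT after the first when the envelope sender is "<>" and records the connecting host so a separate job can firewall it or update the access file. The log path, the norm_addr helper and the rejection text are assumptions made for illustration; the addresses in the driver are constructed samples.

```perl
#!/usr/bin/perl
# Added example. In production only norm_addr() and filter_recipient()
# would go into mimedefang-filter; the driver at the bottom is for testing.
use strict;
use warnings;

# Hypothetical path: a separate job reads it to update the firewall or access file.
my $OFFENDER_LOG = $ENV{NULL_SENDER_LOG} || '/tmp/null-sender-offenders.log';

# Strip angle brackets and fold case so "<A@x>" and "a@x" compare equal.
sub norm_addr {
    my ($addr) = @_;
    $addr = '' unless defined $addr;
    $addr =~ s/^\s*<?//;
    $addr =~ s/>?\s*$//;
    return lc $addr;
}

sub filter_recipient {
    my ($recipient, $sender, $ip, $hostname, $first, $helo) = @_;

    # Only the null envelope sender "<>" is restricted.
    return ('CONTINUE', 'ok') if norm_addr($sender) ne '';

    # $first is the first RCPT of this message; a match means this is that RCPT.
    return ('CONTINUE', 'ok') if norm_addr($recipient) eq norm_addr($first);

    # Second or later RCPT from <>: record the host and refuse the recipient.
    if (open my $fh, '>>', $OFFENDER_LOG) {
        print {$fh} join(' ', time(), $ip, norm_addr($recipient)), "\n";
        close $fh;
    }
    return ('REJECT', 'Null sender may address only one recipient per message');
}

# Constructed sample calls, run only when this file is executed directly.
unless (caller) {
    my @calls = (
        ['<a@example.org>', '<>', '192.0.2.10', 'h.example', '<a@example.org>', 'h'],
        ['<b@example.org>', '<>', '192.0.2.10', 'h.example', '<a@example.org>', 'h'],
        ['<b@example.org>', '<u@example.net>', '192.0.2.11', 'g.example', '<a@example.org>', 'g'],
    );
    for my $c (@calls) {
        my ($action, $msg) = filter_recipient(@$c);
        print "$c->[1] -> $c->[0]: $action ($msg)\n";
    }
}
```

Legitimate bounces fanned out through aliases or mailing lists, the exception noted in the reply, would also be refused by this check, so hosts known to relay such traffic need an allow-list in front of it.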