[Mimedefang] Tarpit for dictionary attacks
Jeffrey Goldberg
jeffrey at goldmark.org
Wed May 21 00:59:00 EDT 2003
On Tue, 20 May 2003 listuser at numbnuts.net wrote:
> I have a number of domains on which I only use a handful of accounts. I
> get probed all the time with Rumplestiltskin attacks (proper pronoun
> dictionary attack). Of course only a handful of users actually exist and
> none of them are variants of any proper pronouns I know of. In the hopes
> of letting the spammers do all the work of seeding my addresses in their
> databases, I'd like any and all dictionary attacks for addresses in a few
> specific domains to always be successful. So when a spammer connects to
> my mail server and tries to confirm if joe@, aaron@, bob@, sally@, etc
> exist, he finds that all of them exist (or perhaps one is randomly denied
> so as to not be too obvious). I also need this mail to be delivered to an
> account ultimately. Can a milter like MIMEDefang assist with that?
Why use MIMEDefang? Just go through your logs for all of these "joe",
"russ", "dan" etc names and set up aliases for them.
And if you don't want to accept them as spam traps, you can use sendmail's
confBAD_RCPT_THROTTLE
to simply slow down when after some configured number of bad guesses.
(I have no thoughts on the other questions you've raised).
-j
--
Jeffrey Goldberg http://www.goldmark.org/jeff/
Relativism is the triumph of authority over truth, convention over justice
Hate spam? Boycott MCI! http://www.goldmark.org/jeff/anti-spam/mci/
More information about the MIMEDefang
mailing list