[Mimedefang] Tarpit for dictionary attacks

Jeffrey Goldberg jeffrey at goldmark.org
Wed May 21 02:12:01 EDT 2003


On Wed, 21 May 2003 listuser at numbnuts.net wrote:

> [...] If I create a catchall entry in my virtusertable for a domain,
> all mail addressed to any user at that domain that doesn't have their own
> virtusertable entry ends up matching the catchall line and whatever action
> you specify with it.  That was simple enough.

Yes, but spammerware is smarter than you think.  If you look at logs you
will see that a dictionary attack usually begins with

 RCPT TO:<some-unlikely-string at your.dom.ain>


If that gets accepted the probe will figure that you catch everything for
your domain.

Again, I think that the thing to do is to actually set up aliases for
common "guesses".  And those you can easily make SPAMFRIENDs.

> I already use
>
> FEATURE(`delay_checks', `friend')
>
> With that I have to declare those that I want to bypass the checks.
> Knowing how that works, I'm guessing that the opposite...
>
> FEATURE(`delay_checks', `hater')
>
> ...would let me define those that HATE spam and the rest have no checks
> performed on them.  Am I correct in this assumption?

That is my (limited) understanding from the bat book.  So yes, you could
do it that way by listing all (most) of your real users as HATERs.

> [...] How do I configure MD to only
> perform checks on mail if the recipient is one of a handful I define.

There was some discussion a few weeks back on "exempting" some users.  I'm
fairly sure that some form of the word "exempt" was in the subject line.

-j

-- 
Jeffrey Goldberg                            http://www.goldmark.org/jeff/
 Relativism is the triumph of authority over truth, convention over justice
 Hate spam?  Boycott MCI! http://www.goldmark.org/jeff/anti-spam/mci/
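
The probe-then-guess pattern described above, as an added example that is not part of the original post or of MIMEDefang: a detector that compares each relay's RCPT attempts against the list of real mailboxes instead of against SMTP rejections, so it still works when a catch-all accepts everything. The log format, the user list, the threshold and all names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in a simplified format (not sendmail's real log syntax).
# example.org and the 192.0.2.x / 198.51.100.x relays are documentation values.
SAMPLE_LOG = """\
02:00:01 relay=192.0.2.10 rcpt=<xqzjv9k2@example.org>
02:00:02 relay=192.0.2.10 rcpt=<john@example.org>
02:00:02 relay=192.0.2.10 rcpt=<mary@example.org>
02:00:03 relay=192.0.2.10 rcpt=<sales@example.org>
02:00:03 relay=192.0.2.10 rcpt=<alice@example.org>
02:00:09 relay=198.51.100.7 rcpt=<alice@example.org>
02:00:15 relay=198.51.100.7 rcpt=<bobb@example.org>
"""

REAL_USERS = {"alice", "bob", "postmaster"}  # hypothetical real mailboxes
LINE_RE = re.compile(r"relay=(\S+) rcpt=<([^@>]+)@([^>]+)>")


def rcpts_by_relay(log_text, domain):
    """Return {relay: [local parts in arrival order]} for one domain."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m and m.group(3).lower() == domain:
            seen[m.group(1)].append(m.group(2).lower())
    return seen


def find_dictionary_attacks(log_text, domain, real_users, min_unknown=3):
    """Flag relays that try many distinct addresses with no real mailbox.

    Uses the real-user list, not the SMTP reply code, because a catch-all
    entry answers every RCPT with success and hides the guessing.
    """
    findings = {}
    for relay, local_parts in rcpts_by_relay(log_text, domain).items():
        unknown = sorted({lp for lp in local_parts if lp not in real_users})
        if len(unknown) >= min_unknown:
            findings[relay] = {
                # True when the very first RCPT had no mailbox (probe-like).
                "probe_first": local_parts[0] not in real_users,
                "unknown": unknown,
            }
    return findings


if __name__ == "__main__":
    print(find_dictionary_attacks(SAMPLE_LOG, "example.org", REAL_USERS))
```

The relay that sends a single mistyped address stays below the threshold, so an ordinary typo is not reported as an attack.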


