[Mimedefang] New spam technique
Les Mikesell
les at futuresource.com
Mon Jul 5 13:30:22 EDT 2004
On Mon, 2004-07-05 at 09:50, David F. Skoll wrote:
> > Recently spammers verified their mailing list using this SMTP dialogue.
>
> This is an old technique called a "dictionary attack" or "directory
> harvesting".
>
> Sendmail 8.13 has countermeasures, like closing a connection after N bad
> SMTP commands.
I think spammers have adapted by sending only a few addresses at
a time, perhaps from virus-owned zombie relays. I still have
one box running qmail with port 25 open directly to the internet
although it's MX is through a sendmail/mimedefang relay. It
gets thousands of bad-address spams a day hitting its open
port directly but in patterns of 6 or so from any one sender
at a time. The domain is due to be moved elsewhere soon so
I haven't done anything to try to fix the problem yet.
---
Les Mikesell
les at futuresource.com
More information about the MIMEDefang
mailing list