[Mimedefang] Need advice on how to proceed.
Brian McGraw
bjm25 at drexel.edu
Fri Jun 11 10:25:31 EDT 2004
Hello list,
I need some advice on how to proceed. My organization has been getting
crushed by dictionary (or Rumplestiltskin, if you will) attacks. Up
until about two weeks ago, the situation was manageable. But now, the
volume of traffic is growing out of control. The attacks are beginning
to slow down not only our mail server, but the company's T-1, as well.
I just recently started using a DNSRBL to help filter traffic, but I'm
not sure that it is really helping. I guess what I really need to know is:
1. When does the DNSRBL checking happen?
I've integrated the checks into Sendmail, not MD or SA.
2. Do the DNSRBL checks happen before, or do they prevent, Sendmail from
checking to see whether the recipient addresses are real or not?
The reason I ask is that I believe a large part of what is slowing us
down is all the "User unknown" replies generated by the dictionary
attacks. Turning off the replies is not an option, unfortunately. Also,
if a spammer sends a piece of mail with 50 people CC'd, and the DNSRBL
decides that sender is a spammer, does the rejection error get sent to
the sender once, or once for each person he CC'd?
I've also tried using the throttling technique in Sendmail to slow these
attacks, but it doesn't really seem to have helped. Is there anything
I'm missing? Are there any options available in MD to help put a stop
to the attacks?
Thanks for any help,
Brian