[Mimedefang] OT Sendmail bad addresses

Kevin A. McGrail kmcgrail at pccc.com
Wed Oct 27 19:08:12 EDT 2004


I've seen the same thing and I've been thinking about this for a while.

My plan when time permits would be to augment the daemon I've been working
on
(http://www.peregrinehw.com/downloads/sendmail/current-8.12.X/untarred/contr
ib/poprelay-RCPT_Throttle/) to have a temporary DB and to add an entry that
expires in a minute or two and if we get more than say 5 bad rcpts in under
2 minutes, we add them to the iptables blocking feature that is already
implemented for BAD RCPT THROTTLE notices.

However, perhaps you have the knowledge to work on it as well from this
starting point.

Regards,
KAM
----- Original Message ----- 
From: "Button, Shawn" <sbutton at dtjboulder.com>


> We throttle invalid address attempts:
>
> define(`confBAD_RCPT_THROTTLE', `3')dnl
>
> But we are seeing more and more the same tactic used across multiple
> e-mails (1 per bad address) from the same mail server over about a 5
> second interval.
>
> Is there another option that we could use to throttle or dump if we
> receive a number of bad addresses from the same mail server or IP?
=




More information about the MIMEDefang mailing list