[Mimedefang] dictionary attacks looking for a valid user
Alex Moore
asmoore at edge.net
Thu Dec 15 16:05:45 EST 2005
I have not seen this topic discussed. BTW, I appreciate the recent
thread on greylisting.
Spammer scenario:
A spammer tries many times to find a user with something like a
dictionary attack or a list of commonly used user names.
How can I setup a rule in MIMEDefang to define those transactions? Say
when a smtp server tries 10 times within a short time period and is sent
a 550 code each time. I think that it would appropriate to have MD just
blacklist that address. Is that possible? I want to ignore them
completely after this event has occurred.
Ideas?
Thanks, Alex
--
More information about the MIMEDefang
mailing list