[Mimedefang] dictionary attacks looking for a valid user
Paul Whittney
pwhittney at net.arrivetech.com
Thu Dec 15 22:08:55 EST 2005
Little off the topic here..

On Thu, Dec 15, 2005 at 10:49:20PM +0100, Jan Pieter Cornet wrote:
> An easier solution might be to have a process tail(1) your logfile and
> take action on the information there. I think I've even seen something
> like that: more than x invalid recipients, and you're firewalled away.

I've been thinking about that, but it was more for a realtime iptables,
or realtime email monitoring for stats that doesn't involve "tail the
whole log", or "open log every 5 minutes". Perhaps this can be used here;
syslog to a pipe, open the pipe in a process as read/write (doesn't stop
the reading when logrotate and friends move the files, and restart syslogd,
following from the Unix Programming books by R.Stevens). I was going to
thread a perl process to count lines that matched "filter_end" or "bad-helo"
and get rrdtool/mrtg to pull data from that process. The speed I'm going,
someone might be able to get this implemented before I look up embedding
perl ;=P.
Not sure if it's useful or not...
Also, doesn't sendmail cope with rcpt/connection flooding? (Sorry, not got
to the rest of the thread).
-Paul
--
Paul Whittney, ArriveTech, Inc.
Network Specialist / Systems Engineer
670 West 36th Street, Erie, PA, 16508, USA
www.arrivetech.com, Tel: 814 868 3306
PWhittney [at] arrivetech.com (Main)
PWhittney [at] net.arrivetech.com (Aux)
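
Added example, not part of the original message: a Python sketch (the message mentions Perl) of the pipe approach described above, where the reader opens the syslog FIFO read/write so it keeps running across syslogd restarts and counts lines matching "filter_end" or "bad-helo". The FIFO path, function names and sample log lines are assumptions constructed for illustration.

```python
import os
import re
import tempfile
from collections import Counter

# The two tags come from the message; the surrounding log line layout is assumed.
TAGS = {t: re.compile(re.escape(t)) for t in ("filter_end", "bad-helo")}

def open_fifo(path):
    """Open the syslog FIFO read/write. Holding a write end ourselves means
    read() never sees EOF when syslogd closes and reopens the pipe
    (Linux behaviour; POSIX leaves O_RDWR on a FIFO undefined)."""
    if not os.path.exists(path):
        os.mkfifo(path, 0o600)
    return os.open(path, os.O_RDWR)

def consume(fd, counts, pending=b""):
    """Read one chunk, count complete lines, return the trailing partial line."""
    data = pending + os.read(fd, 65536)
    *lines, pending = data.split(b"\n")
    for line in lines:
        text = line.decode("utf-8", "replace")
        for tag, rx in TAGS.items():
            if rx.search(text):
                counts[tag] += 1
    return pending

def demo():
    """Simulate syslogd writing, restarting, and writing again."""
    counts, pending = Counter(), b""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "maillog.fifo")  # hypothetical FIFO name
        fd = open_fifo(path)
        batches = [  # constructed sample lines, one batch per syslogd "lifetime"
            b"Dec 15 22:08:55 mx mimedefang.pl[812]: filter_end ok\n"
            b"Dec 15 22:08:56 mx mimedefang.pl[812]: bad-helo from 192.0.2.10\n"
            b"Dec 15 22:08:57 mx mimedefang.pl[812]: filter_e",  # cut mid-line
            b"nd ok\nDec 15 22:09:01 mx sendmail[900]: unrelated line\n",
        ]
        for batch in batches:
            w = os.open(path, os.O_WRONLY)  # syslogd (re)opens the pipe
            os.write(w, batch)
            os.close(w)                     # syslogd restart / logrotate HUP
            pending = consume(fd, counts, pending)
        os.close(fd)
    return dict(counts), pending

if __name__ == "__main__":
    print(demo())
```

The counters are what a stats collector such as rrdtool or mrtg would poll; the line cut across the simulated restart is still counted once because the partial tail is carried into the next read.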