[Mimedefang] Re: dictionary attacks looking for a valid user
Kelson Vibber
kelson at speed.net
Thu Dec 29 15:23:25 EST 2005
Joseph Brennan wrote:
> To some extent I've reduced the problem with--
> define(`confBAD_RCPT_THROTTLE', `2')
> --in sendmail.mc, cutting down on how many addresses they can check.
> The concept was that zombies don't queue and re-try. However our logs
> recently have evidence that now they do re-try.
Um.... that doesn't cut them off after two hits, it just causes the
server to pause before acknowledging each subsequent recipient the
client asks for in that session.
It ties up the attacker's resources a bit longer, and it cuts down on
the amount of your bandwidth that they suck.
There is also confMAX_RCPTS_PER_MESSAGE, which limits the total number
of recipients any message can target. But that includes valid recipients.
--
Kelson Vibber
SpeedGate Communications, <www.speed.net>
More information about the MIMEDefang
mailing list