[Mimedefang] Re: dictionary attacks looking for a valid user
Joseph Brennan
brennan at columbia.edu
Thu Dec 29 20:21:39 EST 2005
--On Thursday, December 29, 2005 12:23 PM -0800 Kelson Vibber
<kelson at speed.net> wrote:
> Joseph Brennan wrote:
>> To some extent I've reduced the problem with--
>> define(`confBAD_RCPT_THROTTLE', `2')
>> --in sendmail.mc, cutting down on how many addresses they can check.
>> The concept was that zombies don't queue and re-try. However our logs
>> recently have evidence that now they do re-try.
>
> Um.... that doesn't cut them off after two hits, it just causes the
> server to pause before acknowledging each subsequent recipient the client
> asks for in that session.
Right. I quoted the wrong section. This is what does it, where
nn.nn.nn.nn are numeric IPs of a few local mailing list hosts that
I am not revealing here:
LOCAL_CONFIG
Karith arith
C{listhost} nn.nn.nn.nn nn.nn.nn.nn
LOCAL_RULESETS
SLocal_check_rcpt
R$* $: $1 $| $&{client_addr}
R$* $| $={listhost} $@ OK
R$* $| $* $: $1 $| $( arith l $@ $&{nbadrcpts} $@ 3 $)
R$* $| FALSE $#error $: 450 Too many bad recipients
Joseph Brennan Columbia University Information Technology
postmaster at columbia.edu
More information about the MIMEDefang
mailing list