[Mimedefang] Validate users before scanning?

Kevin A. McGrail kmcgrail at pccc.com
Thu May 19 11:13:30 EDT 2005


We have been blocking entire IPs for 90 minutes since August of last year
for 2 bad rcpts using the bad_rcpt_throttle feature and a daemon that
monitors the maillog.  We have not had one single complaint and it's been
rolled out pretty pervasively!

The blocking of course is a tempfail so I would suggest a reject 4.7.1 or
whatever.

Regards,
KAM

> The catch is that the count is necessarily one behind.
>
> Send to 1st bad recipient:   nbadrcpts = 0 so far, so OK
> Send to 2nd bad recipient:   nbadrcpts = 1 so far, so OK
> Send to any 3rd recipient:   nbadrcpts = 2 so far, so reject
>
> So the reject could happen on a valid recipient.  Still this might
> be useful in stopping dictionary attacks.
>
> The number 2 seems too small.
>
> In a milter, we could more easily write conditions around this rule.
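
The following is an added example, not code from this thread or from MIMEDefang or sendmail. It is a small Python model of the two behaviours discussed above: the "one behind" count that lets the rejection land on a valid recipient, and a 90-minute tempfail block per IP after 2 bad recipients. The class name, the addresses, the IP, the response strings and the exact moment the block is recorded are assumptions made for illustration.

```python
THRESHOLD = 2             # bad recipients tolerated, the value used in the thread
BLOCK_SECONDS = 90 * 60   # 90-minute block described in the reply
TEMPFAIL = "451 4.7.1 try again later"   # constructed response text


class BadRcptModel:
    """Simplified model; not the real sendmail or MIMEDefang logic."""

    def __init__(self, valid_users):
        self.valid = set(valid_users)
        self.blocked_until = {}   # ip -> time (seconds) at which the block expires

    def session(self, ip, rcpts, now):
        """Return a (recipient, verdict) pair for each RCPT in one SMTP session."""
        if self.blocked_until.get(ip, 0) > now:
            return [(r, TEMPFAIL) for r in rcpts]
        verdicts, nbad = [], 0
        for rcpt in rcpts:
            # The check only sees failures from *earlier* RCPTs, so it runs
            # one behind and fires regardless of whether this one is valid.
            if nbad >= THRESHOLD:
                verdicts.append((rcpt, TEMPFAIL))
                continue
            if rcpt in self.valid:
                verdicts.append((rcpt, "250 ok"))
            else:
                nbad += 1
                verdicts.append((rcpt, "550 5.1.1 user unknown"))
                if nbad >= THRESHOLD:
                    # Assumption: the log-watching daemon records the block here.
                    self.blocked_until[ip] = now + BLOCK_SECONDS
        return verdicts


def demo():
    model = BadRcptModel({"alice@example.com"})   # constructed valid user
    ip = "192.0.2.10"                             # documentation-range address
    guesses = ["aaa@example.com", "aab@example.com", "alice@example.com"]
    first = model.session(ip, guesses, now=0)
    during = model.session(ip, ["alice@example.com"], now=89 * 60)
    after = model.session(ip, ["alice@example.com"], now=90 * 60)
    return first, during, after


if __name__ == "__main__":
    for label, result in zip(("first", "during block", "after block"), demo()):
        print(label, result)
```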



