[Mimedefang] Re: dictionary attacks looking for a valid user

Alex Moore asmoore at edge.net
Fri Jan 6 08:46:24 EST 2006


On Thu, 29 Dec 2005 19:02:20 +0200
"Stefan Schoeman" <stefan at internext.co.za> wrote:

> Hi All,
> 
> I've found that greylisting takes care of these mining attempts
> anyway. Sure, my greylist database is filled with rubbish, but at
> least it will be cleared in 5 hours' time and the mining attempt
> would not have got a single username right, unless it was re-run 30
> minutes later. With the distributed nature of these mining attempts,
> that is rather unlikely.

My experiences as well Stefan.  Since I enabled greylisting with DCC,
all of the dictionary attacks are embargoed and never to be heard
from again.

While I was researching this, a gentleman was kind enough to alert me
to his sendmail patch to add BadRcptKill processing.  It is similar to
sendmail's BadRcptThrottle, but drops the connection.  I implemented
the feature, but have not had any hits since greylisting takes care of
the problem.  Here is the url:
http://www.jmaimon.com/sendmail/patches/badrcpt_shutdown.v1.81301.patch

Alex




More information about the MIMEDefang mailing list