[Mimedefang] Re: dictionary attacks looking for a valid user
Alex Moore
asmoore at edge.net
Fri Jan 6 08:46:24 EST 2006
On Thu, 29 Dec 2005 19:02:20 +0200
"Stefan Schoeman" <stefan at internext.co.za> wrote:
> Hi All,
>
> I've found that greylisting takes care of these mining attempts
> anyway. Sure, my greylist database is filled with rubbish, but at
> least it will be cleared in 5 hours' time and the mining attempt
> would not have got a single username right, unless it was re-run 30
> minutes later. With the distributed nature of these mining attempts,
> that is rather unlikely.
My experiences as well Stefan. Since I enabled greylisting with DCC,
all of the dictionary attacks are embargoed and never to be heard
from again.
While I was researching this, a gentleman was kind enough to alert me
to his sendmail patch to add BadRcptKill processing. It is similar to
sendmail's BadRcptThrottle, but drops the connection. I implemented
the feature, but have not had any hits since greylisting takes care of
the problem. Here is the url:
http://www.jmaimon.com/sendmail/patches/badrcpt_shutdown.v1.81301.patch
Alex
More information about the MIMEDefang
mailing list