[Mimedefang] Mail from Yahoo
Ashley M. Kirchner
ashley at pcraft.com
Sun Jan 8 14:20:27 EST 2006
Kevin A. McGrail wrote:
> All I can really say is welcome to the world of dictionary attacks.
> This is par for the course for most of I think on the list.
It's not so much a dictionary attack, at least not to me. They're
all coming to recipients that resemble a message ID, as opposed to some
name like some viruses use. Like, the message SENDER is
simon at yahoo.com, or hugh at yahoo.com, and try to deliver TO
39cfb48a.4880c845 at pcraft.com, which is of course invalid.
I see dictionary attacks as messages that come from one address/one
IP, targeting a random name at our domain. This one is slightly
different. They also come from different IP addresses, so blocking that
sender's IP doesn't have a whole lot of effect because 2 seconds later
it'll be coming from a different one. On the other hand, using
sendmail's access control, I can at least block anything that has
'simon at yahoo.com' as the sender, regardless of where it's coming from.
Granted, there may actually BE a legitimate user 'simon at yahoo.com'...too
bad I say.
Now, if it falls in the same category (a dictionary attack), that's
a different story. :)
--
H | I haven't lost my mind; it's backed up on tape somewhere.
+--------------------------------------------------------------------
Ashley M. Kirchner <mailto:ashley at pcraft.com> . 303.442.6410 x130
IT Director / SysAdmin / WebSmith . 800.441.3873 x130
Photo Craft Imaging . 3550 Arapahoe Ave. #6
http://www.pcraft.com ..... . . . Boulder, CO 80303, U.S.A.
More information about the MIMEDefang
mailing list