[Mimedefang] Rejecting Mails for More Than 3 Unknown Users

Paul Murphy Paul.Murphy at argentadiscovery.com
Tue Mar 27 04:56:30 EDT 2007


>    Hi.  This is imacat from Taiwan.  Is it possible to reject mails for
> more than 3 unknown users, to fight against dictionary attacks?

Yes.
 
>    1. In filter_recipient(), if there are already 3 unknown recipients,
> drop all the following recipients.

That's how I do it - in filter_recipient, retrieve the recipient count from a status file in the working directory, update it with a bad/good increment based on your rules, and then check whether the bad recipients are now more than 2.  If so, bounce the whole message, even if we had some valid recipients.

>     2. In case a mail got through because a valid user is the first
> one in 20 tries, in filter_begin() check that more than 3 recipients are
> rejected and reject this mail.

As above - you have to track the recipient counts in filter_recipient, and then act on it.  Since you can bounce in filter_recipient, why waste the bandwidth to receive a message which you should already know you are going to bounce?
 
Code snippets attached below - your implementation will be different, so check these carefully, and make sure you define your own function or test to indicate whether an address is valid.
 
Paul.
 
 
in filter_recipient():
 
# check if we've seen any previous recipients
# (status file in the working directory; it will not exist for the first recipient)
my ($badrcpt, $goodrcpt) = (0, 0);
if (open(my $in, '<', './recips'))
  {
  my $scores = <$in>;
  close($in);
  if (defined $scores)
    {
    chomp $scores;
    my @lines = split / /, $scores;
    $badrcpt  = $lines[0] if defined $lines[0];
    $goodrcpt = $lines[1] if defined $lines[1];
    }
  }

# How many recipients so far?  History plus this current one...
my $count = $badrcpt + $goodrcpt + 1;

# if there have been more than 3 bad recipients, drop the connection now
if ($badrcpt > 3)
  {
  md_syslog('info', "MDLOG,$MsgID,bad_recipients,0,$ip,$sender,$recipient,?");
  return("REJECT","Too many bad recipients");
  }

# check recipient is one of our addresses
if (! valid_user($recipient))
  {
  md_syslog('info', "MDLOG,$MsgID,bad_recip,0,$ip,$sender,$recipient,?");
  $badrcpt++;
  # record the updated counts for the next recipient of this message
  if (open(my $out, '>', './recips'))
    {
    print $out "$badrcpt $goodrcpt\n";
    close($out);
    }
  return("BOUNCE","Invalid user address");
  }
else
  {
  $goodrcpt++;
  # record the updated counts for the next recipient of this message
  if (open(my $out, '>', './recips'))
    {
    print $out "$badrcpt $goodrcpt\n";
    close($out);
    }
  }
   
-- 

-------------------------------------------------------
Paul Murphy
Head of I.T.
Argenta Discovery
Tel. 01279 645 554
Fax. 01279 645 646
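
The snippet above calls valid_user() and leaves its definition to each site. One possible definition, added here as an example and not code from the original post or from MIMEDefang: it assumes a hypothetical list file /etc/mail/valid-recipients with one address per line, and the helper names normalise_address and load_valid_users are invented for the example. It normalises case and any surrounding angle brackets before comparing, so that a formatting difference is not counted as an unknown user.

```perl
use strict;
use warnings;
# Assumption: one valid local address per line; lines starting with '#' are comments.
my $VALID_FILE = '/etc/mail/valid-recipients';   # hypothetical path
my %valid; my $loaded_mtime = -1;   # lookup table and the file mtime it was built from

# Strip surrounding whitespace and angle brackets, then lower-case.
sub normalise_address {
    my ($addr) = @_;
    return '' unless defined $addr;
    $addr =~ s/^\s*<?//;
    $addr =~ s/>?\s*$//;
    return lc $addr;
}

# Reload the table only when the file has changed. Returns 0 if it is unreadable.
sub load_valid_users {
    my ($file) = @_;
    my $mtime = (stat $file)[9];
    return 0 unless defined $mtime;
    return 1 if $mtime == $loaded_mtime;
    open(my $fh, '<', $file) or return 0;
    my %new;
    while (my $line = <$fh>) {
        next if $line =~ /^\s*#/;
        my $key = normalise_address($line);
        $new{$key} = 1 if length $key;
    }
    %valid = %new;
    $loaded_mtime = $mtime;
    return 1;
}

# Fail open: an unreadable list must not make every recipient count as "bad".
sub valid_user {
    my ($recipient) = @_;
    return 1 unless load_valid_users($VALID_FILE);
    return exists $valid{ normalise_address($recipient) } ? 1 : 0;
}

unless (caller) {   # stand-alone demo; the addresses are constructed samples
    require File::Temp;
    my $tmp = File::Temp->new;
    print {$tmp} "# staff\nalice\@example.com\nBob\@Example.com\n";
    $tmp->flush;
    $VALID_FILE = $tmp->filename;
    print "$_ => ", (valid_user($_) ? 'valid' : 'unknown'), "\n"
        for '<alice@example.com>', '<BOB@example.com>', '<aaron@example.com>';
}
```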




