[Mimedefang] Rejecting Mails for More Than 3 Unknown Users
Paul Murphy
Paul.Murphy at argentadiscovery.com
Tue Mar 27 09:35:50 EDT 2007
>>> Joseph Brennan brennan at columbia.edu> 27/03/2007 13:40 >> ( mailto:brennan at columbia.edu> )
> Put this in sendmail.mc and generate sendmail.cf. Test it.
>
> LOCAL_RULESETS
> SLocal_check_rcpt
> R$* $: $1 $| $( arith l $@ $&{nbadrcpts} $@ 3 $)
> R$* $| FALSE $#error $: 450 Too many bad recipients
> This says, after we have seen 3 bad recipients, we give 450 "Too many
> bad recipients" to all remaining recipients.
As usual, the direct Sendmail solution is:
- simple (if you know how)
- inelegant (I defy anyone to work out the .cf file syntax without major brainwashing)
- inflexible
I do it all in MIMEDefang because I want to record the sender and IP address into a database with all of my other status information so I can report on the prevalence of this sort of attack, and also because I want to be able to take action based on persistent dictionary attacks, such as firewalling the sending IP address for some time...
YMMV, however.
Paul.
-------------------------------------------------------
Paul Murphy
Head of I.T.
Argenta Discovery
Tel. 01279 645 554
Fax. 01279 645 646
More information about the MIMEDefang
mailing list