[Mimedefang] Rejecting Mails for More Than 3 Unknown Users

Paul Murphy Paul.Murphy at argentadiscovery.com
Tue Mar 27 09:35:50 EDT 2007

>>> Joseph Brennan <brennan at columbia.edu> 27/03/2007 13:40 >>>
> Put this in sendmail.mc and generate sendmail.cf.  Test it.
> SLocal_check_rcpt
> R$*                 $: $1 $| $( arith l $@ $&{nbadrcpts} $@ 3 $)
> R$* $| FALSE        $#error $: 450 Too many bad recipients

> This says, after we have seen 3 bad recipients, we give 450 "Too many
> bad recipients" to all remaining recipients.

As usual, the direct Sendmail solution is:
- simple (if you know how)
- inelegant (I defy anyone to work out the .cf file syntax without major brainwashing)
- inflexible
I do it all in MIMEDefang because I want to record the sender and IP address into a database with all of my other status information so I can report on the prevalence of this sort of attack, and also because I want to be able to take action based on persistent dictionary attacks, such as firewalling the sending IP address for some time...
YMMV, however.
Paul Murphy
Head of I.T.
Argenta Discovery
Tel. 01279 645 554
Fax. 01279 645 646
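
What a MIMEDefang filter along these lines might look like, as an added example that is not Paul Murphy's filter and not code from the MIMEDefang project: it records each unknown recipient with sender and IP, tempfails an IP after 3 unknown recipients, and lists persistent IPs for reporting. It counts per IP over a time window rather than per SMTP session; the SQLite table, file path, thresholds, sample addresses, and the recipient_exists and persistent_offenders helpers are assumptions.

```perl
# Added example: fragment for a mimedefang-filter (run mimedefang with -t
# so that filter_recipient is called). Needs DBI and DBD::SQLite.
use strict;
use warnings;
use DBI;

my $MAX_BAD  = 3;       # same limit as the sendmail ruleset quoted above
my $WINDOW   = 3600;    # assumed: seconds of history counted per IP
my $BLOCK_AT = 20;      # assumed: bad recipients that mark an IP as persistent
my $DB_FILE  = '/var/spool/MIMEDefang/badrcpt.db';                    # assumed path
my %VALID    = map { $_ => 1 } qw(alice@example.com bob@example.com); # constructed

my $dbh = DBI->connect("dbi:SQLite:dbname=$DB_FILE", '', '', { RaiseError => 1 });
$dbh->do('CREATE TABLE IF NOT EXISTS bad_rcpt (ts INTEGER, ip TEXT, sender TEXT, rcpt TEXT)');

# Hypothetical stand-in for the site's real recipient lookup.
sub recipient_exists {
    my ($rcpt) = @_;
    $rcpt =~ s/^<|>$//g;            # strip angle brackets if present
    return exists $VALID{ lc $rcpt };
}

# Unknown recipients tried from this IP since the given time.
sub bad_count {
    my ($ip, $since) = @_;
    my ($n) = $dbh->selectrow_array(
        'SELECT COUNT(*) FROM bad_rcpt WHERE ip = ? AND ts > ?', undef, $ip, $since);
    return $n;
}

sub filter_recipient {
    my ($recipient, $sender, $ip, $hostname, $first, $helo) = @_;
    my $known = recipient_exists($recipient);
    my $seen  = bad_count($ip, time - $WINDOW);    # bad recipients before this one
    # Keep recording while the IP is being tempfailed, so a persistent
    # attack stays visible in the reports.
    $dbh->do('INSERT INTO bad_rcpt VALUES (?, ?, ?, ?)',
             undef, time, $ip, $sender, $recipient) unless $known;
    return ('TEMPFAIL', 'Too many bad recipients') if $seen >= $MAX_BAD;
    return $known ? ('CONTINUE', 'ok') : ('REJECT', 'User unknown');
}

# IPs over the persistence threshold in the last day: input for a report
# or for a separate job that maintains firewall rules.
sub persistent_offenders {
    return @{ $dbh->selectcol_arrayref(
        'SELECT ip FROM bad_rcpt WHERE ts > ? GROUP BY ip HAVING COUNT(*) >= ?',
        undef, time - 86400, $BLOCK_AT) };
}
1;
```

Because MIMEDefang can hand successive recipients to different filter processes, the count lives in the database rather than in a Perl variable.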
