[Mimedefang] Blocking Dictionary Attacks
Les Mikesell
les at futuresource.com
Thu Jun 4 18:17:48 EDT 2009
afo cliff wrote:
> Thanks Matt ... now I'm makin copies :)
>
> I need to have a way to stop dictionary attacks ... unless there is a
> better way I was going to extract the TO address and discard the email
> in mimedefang-filter if the user did not exist when compared against a
> database table of valid users. I'd be interested to know the
> preferred way to handle this.
If you are going to maintain the user list, sendmail can reject things
really quickly before even hitting mimedefang if you set up a virtuser
table with a default reject and mappings for all addresses it should accept:
    @domain.com              error:nouser No such user here
    validname1@domain.com    validname1@delivery.address
etc.
> If this is a "roll your own" situation, then I have a question
> regarding multiple-addressee emails. I plan to use the
> stream_by_domain option. At what point can I look at the email after
> it has been split into individual emails in order to do the database
> comparison?
I'm not sure it even hits filter_recipient in this scenario unless it
has a valid user name. I once made the mistake of running qmail for a
domain and its habit of accepting everything and later generating
bounces seems to have gotten a whole dictionary attack onto some
validated mail list that must be circulated or sold among spammers. I
don't use that name any more but for years I was rejecting about 50k
messages a day for it. I suppose that's not even a high volume any more...
--
Les Mikesell
lesmikesell at gmail.com
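
Added example (not part of the original post): shell functions that generate the virtusertable layout described above from a list of valid local parts, and check how a recipient address resolves against it. The domain names, sample users and function names are constructed for illustration, and the lookup helper is a simplified model of sendmail's order (exact address first, then the @domain catch-all).

```shell
#!/bin/sh
# gen_virtusertable DOMAIN DELIVERY_HOST < local-parts
# Writes virtusertable source: a default reject for DOMAIN, then one
# mapping per valid user. Keys and values are tab-separated.
gen_virtusertable() {
    domain=$1; delivery=$2
    # Catch-all: any address in DOMAIN without its own entry is refused.
    printf '@%s\terror:nouser No such user here\n' "$domain"
    # Strip comments and whitespace, fold case, accept only bare local
    # parts (no '@', quotes or shell metacharacters), drop duplicates.
    awk -v d="$domain" -v t="$delivery" '
        { sub(/#.*/, ""); gsub(/[ \t\r]/, ""); u = tolower($0) }
        u ~ /^[a-z0-9._+-]+$/ && !seen[u]++ { printf "%s@%s\t%s@%s\n", u, d, u, t }
    '
}

# lookup_rcpt TABLE ADDRESS
# Simplified model of the lookup: exact match wins, else the @domain
# entry, else "passthrough" (domain not handled by this table).
lookup_rcpt() {
    tbl=$1; addr=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    awk -F '\t' -v a="$addr" -v d="@${addr#*@}" '
        $1 == a { exact = $2 }
        $1 == d { fallback = $2 }
        END {
            if (exact != "") print exact
            else if (fallback != "") print fallback
            else print "passthrough"
        }
    ' "$tbl"
}

# Constructed sample input: valid local parts for example.com.
sample_users() {
    cat <<'EOF'
alice
Bob                   # case is folded
alice                 # duplicate, emitted once
carol@other.example   # not a bare local part, skipped
EOF
}

out=$(mktemp)
sample_users | gen_virtusertable example.com mailhost.example.com > "$out"
cat "$out"
lookup_rcpt "$out" guessed-name@example.com   # hits the default reject
rm -f "$out"
# To install (typical path, an assumption): makemap hash /etc/mail/virtusertable < table
```
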