[Mimedefang] Blocking Dictionary Attacks

afo cliff afocliff at gmail.com
Thu Jun 4 22:30:52 EDT 2009


Les,

That's a great idea!  I tried it but no matter what I do, sendmail is
letting everything through.  Virtusertable is configured correctly in
sendmail.mc, also did the appropriate makemap.  I think something has
changed in sendmail (I have 8.13.8).  I've searched the world over 10
times and tried many different combinations in virtusertable &
mailertable and no matter what it relays everything.  I know it is
looking at the virtusertable because sendmail lets me know if I put an
error in the file.  The closest I can come is to use the access table
in a similar fashion.  That does work but I can't find a way NOT to
send a reject message.  That's one thing I don't want to do is to tie
up my server sending 10,000 rejects to a zombie somewhere.  If I use
the DISCARD command, then it tosses the whole email and nobody gets
it, even valid users.

Is there some trick to making your suggestion work?

Cliff

On Thu, Jun 4, 2009 at 5:17 PM, Les Mikesell <les at futuresource.com> wrote:
> afo cliff wrote:
>>
>> Thanks Matt ... now I'm makin copies :)
>>
>> I need to have a way to stop dictionary attacks ... unless there is a
>> better way I was going to extract the TO address and discard the email
>> in mimedefang-filter if the user did not exist when compared against a
>> database table of valid users.  I'd be interested to know the
>> preferred way to handle this.
>
> If you are going to maintain the user list, sendmail can reject things
> really quickly before even hitting mimedefang if you set up a virtuser table
> with a default reject and mappings for all addresses it should accept:
> @domain.com error:nouser No such user here
> validname1 at domain.com validname1 at delivery.address
> etc.
>
>> If this is a "roll your own" situation, then I have a question
>> regarding multiple-addressee emails.  I plan to use the
>> stream_by_domain option. At what point can I look at the email after
>> it has been split into individual emails in order to do the database
>> comparison?
>
> I'm not sure it even hits filter_recipient in this scenario unless it has a
> valid user name.   I once made the mistake of running qmail for a domain and
> its habit of accepting everything and later generating bounces seems to
> have gotten a whole dictionary attack onto some validated mail list that
> must be circulated or sold among spammers.  I don't use that name any more
> but for years I was rejecting about 50k messages a day for it.  I suppose
> that's not even a high volume any more...
>
> --
>  Les Mikesell
>    lesmikesell at gmail.com

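Added example, not part of either post: the valid-user check discussed above, done in MIMEDefang's filter_recipient (called once per RCPT TO when mimedefang is started with -t), so an unknown local address is refused in the SMTP dialogue for that recipient only while valid recipients of the same message are unaffected. The address list, the table of owned domains and the helper canonical_rcpt are assumptions made for the example; in practice the list would come from the database table of valid users.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample data (hypothetical addresses, stored lower-cased).
my %VALID_RCPT = map { $_ => 1 } qw(
    validname1@domain.com
    validname2@domain.com
);
# Domains this host is authoritative for (assumption for the example).
my %LOCAL_DOMAIN = ( 'domain.com' => 1 );

# Hypothetical helper: strip angle brackets and whitespace, lower-case.
sub canonical_rcpt {
    my ($addr) = @_;
    $addr =~ s/^\s*<?//;
    $addr =~ s/>?\s*$//;
    return lc $addr;
}

# Called by MIMEDefang for each RCPT TO; only the recipient is used here.
sub filter_recipient {
    my ($recipient, $sender, $ip, $hostname, $first, $helo) = @_;
    my $addr = canonical_rcpt($recipient);
    my ($domain) = $addr =~ /\@([^\@]+)$/;

    # Addresses in domains we do not own are left to sendmail's relay rules.
    return ('CONTINUE', 'ok')
        unless defined $domain && $LOCAL_DOMAIN{$domain};

    # Known local user: let the message proceed to the normal filter.
    return ('CONTINUE', 'ok') if $VALID_RCPT{$addr};

    # Unknown local user: refuse this one recipient. The sending host gets
    # the refusal as the reply to its RCPT command.
    return ('REJECT', 'No such user here');
}

# Stand-alone demonstration on constructed recipients; leave this part out
# when the two subs are placed in mimedefang-filter.
unless (caller) {
    for my $rcpt ('<ValidName1@domain.com>', '<aaron@domain.com>',
                  '<someone@example.org>') {
        my ($action, $msg) = filter_recipient($rcpt, '<x@example.net>',
            '192.0.2.10', 'host.example.net', $rcpt, 'host.example.net');
        printf "%-26s %s (%s)\n", $rcpt, $action, $msg;
    }
}
```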

