[Mimedefang] Blocking Dictionary Attacks

Les Mikesell les at futuresource.com
Thu Jun 4 18:17:48 EDT 2009

afo cliff wrote:
> Thanks Matt ... now I'm makin copies :)
> I need to have a way to stop dictionary attacks ... unless there is a
> better way I was going to extract the TO address and discard the email
> in mimedefang-filter if the user did not exist when compared against a
> database table of valid users.  I'd be interested to know the
> preferred way to handle this.

If you are going to maintain the user list, sendmail can reject things 
really quickly before even hitting mimedefang if you set up a virtuser 
table with a default reject and mappings for all addresses it should accept:
@domain.com error:nouser No such user here
validname1 at domain.com validname1 at delivery.address

> If this is a "roll your own" situation, then I have a question
> regarding multiple-addressee emails.  I plan to use the
> stream_by_domain option. At what point can I look at the email after
> it has been split into individual emails in order to do the database
> comparison?

I'm not sure it even hits filter_recipient in this scenario unless it 
has a valid user name.   I once made the mistake of running qmail for a 
domain and it's habit of accepting everything and later generating 
bounces seems to have gotten a whole dictionary attack onto some 
validated mail list that must be circulated or sold among spammers.  I 
don't use that name any more but for years I was rejecting about 50k 
messages a day for it.  I suppose that's not even a high volume any more...

   Les Mikesell
     lesmikesell at gmail.com

More information about the MIMEDefang mailing list