A bit OT: Cut off address probes?
Steve Thomas
lists at STHOMAS.NET
Tue Aug 5 00:28:20 IST 2003
On Mon, Aug 04, 2003 at 06:08:28PM -0500, Furnish, Trever G is rumored to have said:
>
> Is there a way to configure sendmail (or whatever) such that "address
> probes" are less effective and intrusive? I could imagine how the process
> ...
> By address probe, I mean connections that either:
> 1. Ask the receiving mta to accept a message for one invalid address
> after another despite repeated negative responses from the receiving mta.
> Something that amounts to "Is bob valid?" ... "no" ... "Well, what about
> tom?" ... "no" ... "Frank?" ... etc.
In your sendmail.mc, put:
define(`confBAD_RCPT_THROTTLE',`5')
Replace the 5 with the number of bad RCPT TOs you'd like to start throttling at. For instance, in my setup, it'll start throttling the connection if 5 invalid recipients are specified in the same SMTP session.
This works by delaying one second before issuing the unknown user response. I wasn't happy with that, as the spamware just kept banging away at it anyway, so I dug around in the source and upped the delay to 15 seconds <g>. The dictionary attacks have all but stopped now. I used to get thousands of "unknown user" lines in my log each day - now I have about 10-15. :)
--
"Reality is merely an illusion, albeit a very persistent one."
- Albert Einstein (1879-1955)
More information about the MailScanner
mailing list