Will milter-greylist solve my directory harvest attacks?

Matt Kettler mkettler at EVI-INC.COM
Thu Dec 15 22:19:12 GMT 2005


    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

dnsadmin 1bigthink.com wrote:
> Hello All,
> 
> I've implemented as much restriction, as tolerable by my users, within
> the MTA (sendmail) and still get some hammering directory harvest attacks.
> 
> Will milter-greylist help?

Somewhat, but you'll get hammered with a really large greylist database.

Really to deal with dictionary attacks there's a few quick sendmail features you
can use to help.

The BAD_RCPT_THROTTLE options is probably the most effective here. Here's a
quick sendmail.mc fragment for it:

#after 15 invalid recipients, start slowing them down with
#1 second sleeps
define(`confBAD_RCPT_THROTTLE',15)

You might also want to consider MAX_RCPTS_PER_MESSAGE, MAX_DAEMON_CHILDREN, and
CONNECTION_RATE_THROTTLE.

I'd also strongly suggest making sure that PRIVACY_FLAGS has either goaway or
novrfy,noexpn.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!



More information about the MailScanner mailing list