Will milter-greylist solve my directory harvest attacks?
Matt Kettler
mkettler at EVI-INC.COM
Thu Dec 15 22:19:12 GMT 2005
[ The following text is in the "ISO-8859-1" character set. ]
[ Your display is set for the "US-ASCII" character set. ]
[ Some characters may be displayed incorrectly. ]
dnsadmin 1bigthink.com wrote:
> Hello All,
>
> I've implemented as much restriction, as tolerable by my users, within
> the MTA (sendmail) and still get some hammering directory harvest attacks.
>
> Will milter-greylist help?
Somewhat, but you'll get hammered with a really large greylist database.
Really to deal with dictionary attacks there's a few quick sendmail features you
can use to help.
The BAD_RCPT_THROTTLE options is probably the most effective here. Here's a
quick sendmail.mc fragment for it:
#after 15 invalid recipients, start slowing them down with
#1 second sleeps
define(`confBAD_RCPT_THROTTLE',15)
You might also want to consider MAX_RCPTS_PER_MESSAGE, MAX_DAEMON_CHILDREN, and
CONNECTION_RATE_THROTTLE.
I'd also strongly suggest making sure that PRIVACY_FLAGS has either goaway or
novrfy,noexpn.
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list