Block dictionary attackers?

Furnish, Trever G TGFurnish at
Sun Nov 19 00:20:34 GMT 2006

Can anyone point me to an effective means of automatically blocking
dictionary attackers in close-to-realtime?

By "dictionary attackers" I mean a connecting server that attempts
delivery to more than X invalid local recipients within a given
timeframe, which is almost always evidence that the connecting server is
attempting to guess valid email addresses.

My MTA is sendmail 8.12.  Is Snertsoft's milter-report the best

My goal isn't so much to stop them from guessing valid email addresses
-- every spammer under the sun seems to already have the entire list --
it's to identify the sending server as a (slightly stupid) 'soldier of
the enemy'. :-)
Trever Furnish, tgfurnish at
Herff Jones, Inc. Unix / Network Administrator
Phone: 317.612.3519
Any sufficiently advanced technology is indistinguishable from Unix.

More information about the MailScanner mailing list