dealing with dictionary attacks

Chris Yuzik itdept at
Mon Mar 5 10:52:28 CET 2007

We're beginning to really try to harden our external mail server. 
MailScanner is generally doing great.

As I watch my maillog data flow up my screen, I'm seeing tons of "... 
User unknown" messages and many of them are coming from a handful of IP 
addresses.Obviously, I would like the server's bandwidth and cpu cycles 
to be used for more productive things than dealing with what is (likely) 
a zombie machine running through a list of possible accounts at our domain.

Is there a trustworthy milter that will say, for example, "15 bad email 
addresses to our server within an hour and bang...the sender is 
blacklisted for say 36 hours"?


More information about the MailScanner mailing list