dealing with dictionary attacks

Dhawal Doshy dhawal at
Mon Mar 5 11:20:48 CET 2007

--[ UxBoD ]-- wrote:
> On Mon, 05 Mar 2007 01:52:28 -0800
> Chris Yuzik <itdept at> wrote:
>> We're beginning to really try to harden our external mail server. 
>> MailScanner is generally doing great.
>> As I watch my maillog data flow up my screen, I'm seeing tons of "... 
>> User unknown" messages and many of them are coming from a handful of IP 
>> addresses. Obviously, I would like the server's bandwidth and CPU cycles 
>> to be used for more productive things than dealing with what is (likely) 
>> a zombie machine running through a list of possible accounts at our domain.
>> Is there a trustworthy milter that will say, for example, "15 bad email 
>> addresses to our server within an hour and bang...the sender is 
>> blacklisted for say 36 hours"?
>> Thanks

You do not need a policy server for this.. simply use 
smtpd_hard_error_limit.. however from the OP's mail it looks like he is 
a sendmail user..

Now for the OP:
Did you even google for "your_mta dictionary attack" before asking the 
list? For sendmail, here are the first and second links from Google.
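
Added example, not part of the original message: the rule asked about in the quoted question (15 unknown recipients from one client within an hour, then a 36-hour block) applied offline to a mail log. The Postfix-style reject lines are constructed samples, and `find_bans`, `sample_log` and the regex are assumptions to adapt to your MTA's log format.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

THRESHOLD = 15                 # unknown recipients tolerated per window
WINDOW = timedelta(hours=1)
BAN = timedelta(hours=36)
# Postfix-style reject line (assumed format; adapt the regex for sendmail).
REJECT = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) .*RCPT from \S*\[([0-9a-fA-F.:]+)\]: "
    r"550 .*User unknown")

def find_bans(lines, year=2007):
    """Return {ip: (banned_at, expires_at)}; syslog lines carry no year."""
    recent = defaultdict(deque)     # ip -> timestamps of recent rejects
    bans = {}
    for line in lines:
        m = REJECT.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if ip in bans and ts < bans[ip][1]:
            continue                # still banned, nothing more to count
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > WINDOW:   # drop rejects older than the window
            q.popleft()
        if len(q) >= THRESHOLD:
            bans[ip] = (ts, ts + BAN)
            q.clear()
    return bans

def sample_log():
    """Constructed sample lines, not taken from a real server."""
    fmt = ("Mar  5 {t} mail postfix/smtpd[2101]: NOQUEUE: reject: RCPT from "
           "unknown[{ip}]: 550 5.1.1 <user{n}@example.com>: Recipient address "
           "rejected: User unknown in local recipient table")
    lines = []
    for n in range(16):    # 16 misses in 16 minutes: crosses the threshold
        lines.append(fmt.format(t=f"10:{n:02d}:00", ip="192.0.2.10", n=n))
    for n in range(15):    # 15 misses, 5 min apart: never 15 within one hour
        h, m = divmod(n * 5, 60)
        lines.append(fmt.format(t=f"{10 + h}:{m:02d}:00", ip="203.0.113.5", n=n))
    return sorted(lines)

if __name__ == "__main__":
    for ip, (start, end) in find_bans(sample_log()).items():
        print(f"{ip} banned {start} until {end}")
```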

