dealing with dictionary attacks
Dhawal Doshy
dhawal at netmagicsolutions.com
Mon Mar 5 11:20:48 CET 2007
--[ UxBoD ]-- wrote:
> On Mon, 05 Mar 2007 01:52:28 -0800
> Chris Yuzik <itdept at fractalweb.com> wrote:
>
>> We're beginning to really try to harden our external mail server.
>> MailScanner is generally doing great.
>>
>> As I watch my maillog data flow up my screen, I'm seeing tons of "...
>> User unknown" messages and many of them are coming from a handful of IP
>> addresses. Obviously, I would like the server's bandwidth and CPU cycles
>> to be used for more productive things than dealing with what is (likely)
>> a zombie machine running through a list of possible accounts at our domain.
>>
>> Is there a trustworthy milter that will say, for example, "15 bad email
>> addresses to our server within an hour and bang...the sender is
>> blacklisted for say 36 hours"?
>>
>> Thanks
> http://policyd.sourceforge.net
You do not need a policy server for this.. simply use
smtpd_hard_error_limit.. however from the OP's mail it looks like he is
a sendmail user..
Now for the OP:
Did you even google for "your_mta dictionary attack" before asking the
list? For sendmail, here are the first and second links from Google.
http://www.technoids.org/dossed.html#3.2
http://notbrainsurgery.livejournal.com/23066.html
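
The policy asked for in the quoted question (15 unknown recipients from one relay within an hour, then a 36-hour block) can be prototyped offline against a maillog before choosing a tool. This is an added example, not part of the thread or of any tool named in it; the log line shape matched by `LINE_RE`, the function names and the sample lines are constructed assumptions, and the pattern has to be adapted to the MTA's real log format.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

THRESHOLD = 15                 # unknown recipients tolerated per relay ...
WINDOW = timedelta(hours=1)    # ... within this sliding window
BAN = timedelta(hours=36)      # block duration once the threshold is hit

# Assumed log shape: syslog timestamp, relay IP in [brackets], "User unknown".
LINE_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) .*\[(\d{1,3}(?:\.\d{1,3}){3})\].*User unknown")

def find_offenders(lines, year, threshold=THRESHOLD):
    """Return {relay_ip: ban_expiry} from chronologically ordered log lines."""
    recent = defaultdict(deque)   # relay IP -> timestamps of recent rejects
    banned = {}
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue
        # syslog omits the year, so the caller supplies it
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if ip in banned and ts < banned[ip]:
            continue              # still blocked, nothing new to record
        hits = recent[ip]
        hits.append(ts)
        while ts - hits[0] > WINDOW:
            hits.popleft()        # forget rejects older than the window
        if len(hits) >= threshold:
            banned[ip] = ts + BAN
            hits.clear()
    return banned

def sample_log():
    """Constructed lines: one fast guesser, one slow relay, one typo sender."""
    start = datetime(2007, 3, 5, 1, 0, 0)
    events = [(start + timedelta(minutes=2 * i), "192.0.2.10") for i in range(15)]
    events += [(start + timedelta(minutes=30 * i), "203.0.113.5") for i in range(16)]
    events += [(start + timedelta(minutes=5 * i), "198.51.100.7") for i in range(3)]
    lines = [f"{ts:%b} {ts.day:2d} {ts:%H:%M:%S} mx sendmail[4242]: relay=[{ip}], "
             f"reject=550 5.1.1 <u{n}@example.com>... User unknown"
             for n, (ts, ip) in enumerate(sorted(events))]
    lines.insert(1, "Mar  5 01:01:00 mx sendmail[4243]: from=<a@example.org>, relay=[192.0.2.99]")
    return lines

if __name__ == "__main__":
    for ip, until in find_offenders(sample_log(), year=2007).items():
        print(f"{ip} blocked until {until:%Y-%m-%d %H:%M}")
```

The slow relay sends 16 bad recipients in total but never more than 3 inside any one hour, so only the sliding-window count, not the daily total, decides who gets blocked.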