dealing with dictionary attacks

Chris Yuzik itdept at fractalweb.com
Mon Mar 5 11:38:10 CET 2007


Dhawal Doshy wrote:
> You do not need a policy server for this.. simply use 
> smtpd_hard_error_limit.. however from the OP's mail it looks like he 
> is a sendmail user..
Yes, Sendmail. Sorry, should have mentioned that in my post.

The "smtpd_hard_error_limit" would be a good thing, but not being a 
sendmail guru, I'm not aware of an equivalent.
> Now for the OP:
> Did you even google for "your_mta dictionary attack" before asking the 
> list? for sendmail here are the first and second links from google.
> http://www.technoids.org/dossed.html#3.2
> http://notbrainsurgery.livejournal.com/23066.html
You bet. I've spent the last couple of hours googling this very thing, 
and already have those sendmail tweaks (and more) going. BUT, I'm still 
watching machines trying random users at our domains...over and over 
again. Not 50 per minute or anything, but I would say dozens an hour. It 
seems to me a good thing to simply put that IP in some sort of a penalty 
box for a couple of days and not have it bother the server while it's there.

Thanks.

Cheers,
Chris


More information about the MailScanner mailing list