dealing with dictionary attacks
itdept at fractalweb.com
Mon Mar 5 11:38:10 CET 2007
Dhawal Doshy wrote:
> You do not need a policy server for this.. simply use
> smtpd_hard_error_limit.. however from the OP's mail it looks like he
> is a sendmail user..
Yes, Sendmail. Sorry, should have mentioned that in my post.
The "smtpd_hard_error_limit" would be a good thing, but not being a
sendmail guru, I'm not aware of an equivalent.
> Now for the OP:
> Did you even google for "your_mta dictionary attack" before asking the
> list? for sendmail here are the first and second links from google.
You bet. I've spent the last couple of hours googling this very thing,
and already have those sendmail tweaks (and more) going. BUT, I'm still
watching machines trying random users at our domains...over and over
again. Not 50 per minute or anything, but I would say dozens an hour. It
seems to me a good thing to simply put that IP in some sort of a penalty
box for a couple of days and not have it bother the server while it's there.
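
Added example, not part of the original post and not sendmail's own code: the "penalty box" idea from the message above, sketched as a log scan that counts "User unknown" rejections per relay IP in a sliding hour and boxes repeat offenders for two days. The log-line shape, the thresholds, the addresses and the `penalty_box` name are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log shape: a sendmail rejection line carrying relay=...[IP] and
# the text "User unknown". Adjust the pattern to the site's real maillog.
REJECT = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) .*sendmail\[\d+\]: .*"
    r"relay=[^,]*\[(?P<ip>[0-9a-fA-F.:]+)\].*User unknown"
)

def penalty_box(lines, threshold=12, window=timedelta(hours=1),
                penalty=timedelta(days=2), year=2007):
    """Return {ip: release_time} for relays with at least `threshold`
    unknown-user rejections inside any sliding `window`.
    Syslog timestamps carry no year, so the caller supplies one."""
    recent = defaultdict(deque)   # ip -> rejection times still inside the window
    boxed = {}
    for line in lines:
        m = REJECT.search(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        hits = recent[m["ip"]]
        hits.append(ts)
        while hits and ts - hits[0] > window:
            hits.popleft()        # forget rejections older than the window
        if len(hits) >= threshold:
            boxed[m["ip"]] = ts + penalty   # each new offence extends the stay
    return boxed

# Constructed sample: one relay probing 15 random users, one isolated typo,
# and one ordinary delivery line that must be ignored.
SAMPLE = [
    f"Mar  5 11:{4 * i:02d}:00 mail sendmail[2001]: l25A0{i:02d}: ruleset=check_rcpt, "
    f"arg1=<user{i}@example.org>, relay=[192.0.2.10], reject=550 5.1.1 User unknown"
    for i in range(15)
] + [
    "Mar  5 11:10:00 mail sendmail[2002]: l25B001: ruleset=check_rcpt, arg1=<typo@example.org>, "
    "relay=mx.example.net [198.51.100.7], reject=550 5.1.1 User unknown",
    "Mar  5 11:12:00 mail sendmail[2003]: l25C001: from=<a@example.net>, relay=[203.0.113.5], stat=Sent",
]

if __name__ == "__main__":
    for ip, release in sorted(penalty_box(SAMPLE).items()):
        print(f"{ip} boxed until {release:%Y-%m-%d %H:%M}")
```

The returned addresses and release times are only the decision; how they are enforced (firewall rule, MTA access list) is left to the site.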