dealing with dictionary attacks
Res
res at ausics.net
Mon Mar 5 12:17:49 CET 2007
I've not seen a post on the sendmail list/newsgroup
The appropriate place for NON mailscanner info is the MTA of choices
list/newsgroup
On Mon, 5 Mar 2007, Chris Yuzik wrote:
> Dhawal Doshy wrote:
>> You do not need a policy server for this.. simply use
>> smtpd_hard_error_limit.. however from the OP's mail it looks like he is a
>> sendmail user..
> Yes, Sendmail. Sorry, should have mentioned that in my post.
>
> The "smtpd_hard_error_limit" would be a good thing, but not being a sendmail
> guru, I'm not aware of an equivalent.
>> Now for the OP:
>> Did you even google for "your_mta dictionary attack" before asking the
>> list? for sendmail here are the first and second links from google.
>> http://www.technoids.org/dossed.html#3.2
>> http://notbrainsurgery.livejournal.com/23066.html
> You bet. I've spent the last couple of hours googling this very thing, and
> already have those sendmail tweaks (and more) going. BUT, I'm still watching
> machines trying random users at our domains...over and over again. Not 50 per
> minute or anything, but I would say dozens an hour. It seems to me a good
> thing to simply put that IP in some sort of a penalty box for a couple of
> days and not have it bother the server while it's there.
>
> Thanks.
>
> Cheers,
> Chris
>
--
Cheers
Res
"If I lay here, If I just lay here, would you lay with with me and just forget the world?"
More information about the MailScanner
mailing list