dealing with dictionary attacks

Res res at
Mon Mar 5 12:17:49 CET 2007

I've not seen a post on the sendmail list/newsgroup
The appropriate place for NON mailscanner info is the  MTA of choices 

On Mon, 5 Mar 2007, Chris Yuzik wrote:

> Dhawal Doshy wrote:
>> You do not need a policy server for this.. simply use 
>> smtpd_hard_error_limit.. however from the OP's mail it looks like he is a 
>> sendmail user..
> Yes, Sendmail. Sorry, should have mentioned that in my post.
> The "smtpd_hard_error_limit" would be a good thing, but not being a sendmail 
> guru, I'm not aware of an equivalent.
>> Now for the OP:
>> Did you even google for "your_mta dictionary attack" before asking the 
>> list? for sendmail here are the first and second links from google.
> You bet. I've spent the last couple of hours googling this very thing, and 
> already have those sendmail tweaks (and more) going. BUT, I'm still watching 
> machines trying random users at our domains...over and over again. Not 50 per 
> minute or anything, but I would say dozens an hour. It seems to me a good 
> thing to simply put that IP in some sort of a penalty box for a couple of 
> days and not have it bother the server while it's there.
> Thanks.
> Cheers,
> Chris


"If I lay here, If I just lay here, would you lay with with me and just forget the world?"

More information about the MailScanner mailing list