dictionary attack

Jameel Akari jakari at bithose.com
Fri Feb 18 20:22:40 GMT 2011

On Fri, 18 Feb 2011, Ejaz wrote:

> Now days there is lots of dictionary attacks towards my domain, find the 
> below one of the example, would any one please help me how can I prevent 
> such attacks,

Well, make sure you reject the invalid users up front, in the MTA.  No 
point in scanning it, and then having it rejected downstream.  I don't 
know how you configure this in Postfix specifically, but that's the first 
thing to check.  If you're already doing this, then you don't have much of 
a problem anyway.

Going further... are you running any RBLs in Postfix?  Any source that 
keeps hammering away like this is likely to be in somebody's blacklist 
already.  Rejecting on RBLs isn't for everyone though.

If you're looking for a fun exercise and want to try to stop them 
entirely, you could consider logging the rejections and parsing out the 
sender's IP address(es) - feed those into your firewalls, your own RBLs, 
your MTA's access table, etc.  But this way lies madness. ;)

Jameel Akari

More information about the MailScanner mailing list