dictionary attack
Jameel Akari
jakari at bithose.com
Fri Feb 18 20:22:40 GMT 2011
On Fri, 18 Feb 2011, Ejaz wrote:
> Now days there is lots of dictionary attacks towards my domain, find the
> below one of the example, would any one please help me how can I prevent
> such attacks,
Well, make sure you reject the invalid users up front, in the MTA. No
point in scanning it, and then having it rejected downstream. I don't
know how you configure this in Postfix specifically, but that's the first
thing to check. If you're already doing this, then you don't have much of
a problem anyway.
Going further... are you running any RBLs in Postfix? Any source that
keeps hammering away like this is likely to be in somebody's blacklist
already. Rejecting on RBLs isn't for everyone though.
If you're looking for a fun exercise and want to try to stop them
entirely, you could consider logging the rejections and parsing out the
sender's IP address(es) - feed those into your firewalls, your own RBLs,
your MTA's access table, etc. But this way lies madness. ;)
--
Jameel Akari
More information about the MailScanner
mailing list