If the infection uses random names for the sender and recipients, this works very well, but it does also lead to a large number of entries in your greylisting database, which under extreme circumstances will add to your problems.
I think it was on the Fedora developers list where I saw someone suggest the use of the "recent" match type in iptables to firewall recent matches against some other rule. There's also an ipset match that can be used to match large lists of addresses. The trick is to convert the dictionary attacks into firewall entries. Perhaps those with scripts that do this could post them to the wiki.
_______________________________________________ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [email protected] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
