Alex Moore wrote:
How can I setup a rule in MIMEDefang to define those transactions? Say
when a smtp server tries 10 times within a short time period and is sent
a 550 code each time. I think that it would appropriate to have MD just
blacklist that address. Is that possible? I want to ignore them
completely after this event has occurred.
Well, this isn't MIMEDefang, but we've had good luck with a variation on
the rumplekiller script (some people refer to dictionary attacks as
"Rumplestiltskin attacks") here:
http://bignosebird.com/notebook/rumplekill.shtml
The script runs from a cron job and checks the mail logs for excessive
"User unknown" hits from an IP address. The original version uses IP
routing commands to ignore all incoming connections, but it's easy
enough to adapt it to other actions (we have it add the IP to our local
blacklist, for instance).
You might also look into Sendmail's BAD_RCPT_THROTTLE feature. It
doesn't block them, but it'll slow them down a bit.
--
Kelson Vibber
SpeedGate Communications <www.speed.net>
_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID. You may ignore it.
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
