Steffen Kaiser wrote: > After reading these two paragraphes some worrying struck me:
> In opposite to SSH connections you cannot assume that the attacker sits > on "the other side" of a SMTP communication. Maybe the server just > relays the mail or is an huge mail hoster (say, hotmail, gmail, aol), > you cannot firewall them off, just because one Black Sheep is abusing > the service?! I did a grep for the "Possible SMTP RCPT flood, throttling" log message from Sendmail in one month's worth of mail logs. Almost all were from dial-up, DSL or cable-modem PC's. There were maybe two or three that looked like they might have been "real" SMTP servers, and there were none from any major mail hosters. So I don't think it's a problem in practice, especially if you only firewall them off for 10-20 minutes at a time. Regards, David. _______________________________________________ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang