Re: [Mimedefang] Greylisting

2005-12-15 Thread Kenneth Porter
--On Thursday, December 15, 2005 8:15 AM +0100 Steffen Kaiser [EMAIL PROTECTED] wrote: OK, how to keep the Bad Guys out? You're required to build up a trust system, then. Right, but we already do that with black lists.

Re: [Mimedefang] Greylisting

2005-12-15 Thread Steffen Kaiser
On Wed, 14 Dec 2005, Kenneth Porter wrote: --On Thursday, December 15, 2005 8:15 AM +0100 Steffen Kaiser [EMAIL PROTECTED] wrote: OK, how to keep the Bad Guys out? You're required to build up a trust system, then. Right, but we already do that with black lists. Which had listed a major

Re: [Mimedefang] Greylisting

2005-12-15 Thread David F. Skoll
Charles wrote: Do I understand you correctly that in the CanIT implementation you allow all source addresses from a host once one address has cleared greylisting from that host? Yes. We turn off greylisting for a host once one address has cleared it. (Well, we turn it off for 40 days --

RE: [Mimedefang] disclamer only for out going mails.

2005-12-15 Thread Cormack, Ken
-Original Message- From: bablu bablu [mailto:[EMAIL PROTECTED] Sent: Thursday, December 15, 2005 1:27 AM Any one has solution for this. help me.. You can sense which direction the email is going (inbound or outbound) based on the IP address of the relaying server

Re: [Mimedefang] Greylisting

2005-12-15 Thread David F. Skoll
Steffen Kaiser wrote: help a small company server. Perhaps a distributed greylist DB? Sort of like a DNSBL but with white-listing. MD could store the successful entries in a zone and we could publish our zones for others to use. OK, how to keep the Bad Guys out? You're required to build up

Re: [Mimedefang] Greylisting

2005-12-15 Thread Charles
Brian Leyton wrote: I think it might require a bit of prep work to make this a bit less noticeable. The recommendation of building a whitelist ahead of time looks like a very good idea, particularly for the main companies that we correspond with. How would you recommend going about this? I'm

Re: [Mimedefang] Greylisting

2005-12-15 Thread netguy
Hi All, Brian Brian Leyton wrote: I am relatively new to MIMEDefang, and I'm very happy with what I've been able to do so far. I'd like to take things to a higher level though, and one of the areas I'd like to work on is greylisting. I've seen a couple of emails in the archives, and I've

[Mimedefang] unknown os error

2005-12-15 Thread Dave Helton
Could someone help me decipher this error msg. I can ping the host by name, I can telnet to it on port 25. It's pretty much a valid listserver, but I just can't find the source of this problem. Dec 15 09:50:39 web sendmail[26589]: jBEE79GY027808: to=beforethebell- [EMAIL PROTECTED],

Re: [Mimedefang] Greylisting

2005-12-15 Thread Paul Whittney
To All, I too have been thinking a lot about greylisting, and before spending the time on the MIMEDefang front (as I think it's much better to have it hooked in there, unless someone can say otherwise ;-) I thought I'd try it as a milter add-on: http://hcpnet.free.fr/milter-greylist/ I made

RE: [Mimedefang] Greylisting

2005-12-15 Thread Brian Leyton
Paul Whittney wrote: One other major problem I've run into, is ISPs providing additional MX records in the DNS. So the spam systems that follow the If the first attempt to send email fails, try the next MX happens, then the ISP sends it on, which will make it past the blacklist, and if

RE: [Mimedefang] Greylisting

2005-12-15 Thread Damrose, Mark
-Original Message- From: Paul Whittney define(`confMILTER_MACROS_CONNECT', `j, {if_addr}') I'm a little worried on the effect of the confMILTER_MACROS_CONNECT macro, but it hasn't hurt MIMEDefang (that I can notice), so I need to do some background reading on it. Here's a

RE: [Mimedefang] Greylisting

2005-12-15 Thread Paul Murphy
Paul, I too have been thinking a lot about greylisting, and before spending the time on the MIMEDefang front (as I think it's much better to have it hooked in there, unless someone can say otherwise ;-) I thought I'd try it as a milter add-on: http://hcpnet.free.fr/milter-greylist/ The

[Mimedefang] Interview with a spammer

2005-12-15 Thread WBrown
John Graham Cunning's Spam and Anti-spam Newsletter had a link to an interesting article, Meet Average-Joe spammer at http://computerworld.co.nz/news.nsf/UNID/440D22D8E10FE01DCC2570C9008001C5?OpenDocument that I found interesting. The spammer being interviewed states at the end of the

[Mimedefang] dictionary attacks looking for a valid user

2005-12-15 Thread Alex Moore
I have not seen this topic discussed. BTW, I appreciate the recent thread on greylisting. Spammer scenario: A spammer tries many times to find a user with something like a dictionary attack or a list of commonly used user names. How can I setup a rule in MIMEDefang to define those transactions?

Re: [Mimedefang] unknown os error

2005-12-15 Thread Jan Pieter Cornet
On Thu, Dec 15, 2005 at 10:03:16AM -0600, Dave Helton wrote: Could someone help me decipher this error msg. I can ping the host by name, I can telnet to it on port 25. It's pretty much a valid listserver, but I just can't find the source of this problem. Dec 15 09:50:39 web sendmail[26589]:

Re: [Mimedefang] dictionary attacks looking for a valid user

2005-12-15 Thread Jan Pieter Cornet
On Thu, Dec 15, 2005 at 03:05:45PM -0600, Alex Moore wrote: A spammer tries many times to find a user with something like a dictionary attack or a list of commonly used user names. How can I setup a rule in MIMEDefang to define those transactions? Say when a smtp server tries 10 times

Re: [Mimedefang] dictionary attacks looking for a valid user

2005-12-15 Thread David F. Skoll
Jan Pieter Cornet wrote: It's tricky. I haven't done this yet but I'm sort of planning to. One possibility is to make sure all valid addresses are in virtusertable, and all invalid addresses map to some magic token that sendmail believes is valid, but really isn't. You could catch the magic

Re: [Mimedefang] dictionary attacks looking for a valid user

2005-12-15 Thread Kelson
Alex Moore wrote: How can I setup a rule in MIMEDefang to define those transactions? Say when a smtp server tries 10 times within a short time period and is sent a 550 code each time. I think that it would be appropriate to have MD just blacklist that address. Is that possible? I want to ignore

RE: [Mimedefang] dictionary attacks looking for a valid user

2005-12-15 Thread Mack
Without giving too much away about how I've implemented this. Basically -- Greylisting (triplet based) Throttling -- User Based against triplet scoring Remote IP --Against tries/retries Eg the last virus to do the rounds, that .Y or .Z depending on your AV, basically tried to send x million

Re: [Mimedefang] dictionary attacks looking for a valid user

2005-12-15 Thread Alex Moore
On Thu, 15 Dec 2005 22:49:20 +0100 Jan Pieter Cornet [EMAIL PROTECTED] wrote: It's tricky. I haven't done this yet but I'm sort of planning to. One possibility is to make sure all valid addresses are in virtusertable, and all invalid addresses map to some magic token that sendmail believes is

Re: [Mimedefang] dictionary attacks looking for a valid user

2005-12-15 Thread Ben Kamen
Jan Pieter Cornet wrote: On Thu, Dec 15, 2005 at 03:05:45PM -0600, Alex Moore wrote: A spammer tries many times to find a user with something like a dictionary attack or a list of commonly used user names. How can I setup a rule in MIMEDefang to define those transactions? Say when a smtp

Re: [Mimedefang] dictionary attacks looking for a valid user

2005-12-15 Thread Ian Mitchell
From: Jan Pieter Cornet [EMAIL PROTECTED] Subject: Re: [Mimedefang] dictionary attacks looking for a valid user An easier solution might be to have a process tail(1) your logfile and take action on the information there. I think I've even seen something like that: more than x invalid

Re: [Mimedefang] dictionary attacks looking for a valid user

2005-12-15 Thread Jan Pieter Cornet
On Thu, Dec 15, 2005 at 04:53:13PM -0500, David F. Skoll wrote: It's tricky. I haven't done this yet but I'm sort of planning to. One possibility is to make sure all valid addresses are in virtusertable, and all invalid addresses map to some magic token that sendmail believes is valid, but

Re: [Mimedefang] dictionary attacks looking for a valid user

2005-12-15 Thread Kelsey Cummings
On Thu, Dec 15, 2005 at 10:49:20PM +0100, Jan Pieter Cornet wrote: An easier solution might be to have a process tail(1) your logfile and take action on the information there. I think I've even seen something like that: more than x invalid recipients, and you're firewalled away. This works

RE: [Mimedefang] Greylisting

2005-12-15 Thread Brian Leyton
Charles wrote: Actually, you may just be able to use the greylist code. In my case, I put the greylist code into production but commented out the actual tempfail call. I let it run like that for about 2 weeks, during which time it is building up entries in mysql. After the two weeks, I

Re: [Mimedefang] dictionary attacks looking for a valid user

2005-12-15 Thread Paul Whittney
Little off the topic here.. On Thu, Dec 15, 2005 at 10:49:20PM +0100, Jan Pieter Cornet wrote: An easier solution might be to have a process tail(1) your logfile and take action on the information there. I think I've even seen something like that: more than x invalid recipients, and you're

Re: [Mimedefang] dictionary attacks looking for a valid user

2005-12-15 Thread David F. Skoll
Paul Whittney wrote: I've been thinking about that, but it was more for a realtime iptables, or realtime email monitoring for stats that doesn't involve tail the whole log, or open log every 5 minutes. tail -F works well, and is close enough to real-time that the delay is irrelevant.

RE: [Mimedefang] disclamer only for out going mails.

2005-12-15 Thread bablu bablu
Pl. help me I am not much of script writer Does anyone have a ready script available...for attaching disclaimer only for internal users or specific domain or based on ip. Help me...pl.. Thanks in Advance. --- Cormack, Ken [EMAIL PROTECTED] wrote: -Original Message-

Re: [Mimedefang] disclamer only for out going mails.

2005-12-15 Thread Rob MacGregor
On 16/12/05, bablu bablu [EMAIL PROTECTED] wrote: Pl. help me I am not much of script writer You've obviously not caught the subtle hint. Generally, people on this list view these disclaimers in a less than positive light. You're not going to get much help beyond the pointers you've