Re: [Mimedefang] dictionary attacks looking for a valid user

2005-12-16 Thread Steffen Kaiser
On Thu, 15 Dec 2005, David F. Skoll wrote: Jan Pieter Cornet wrote: An easier solution might be to have a process tail(1) your logfile and take action on the information there. I think I've even seen something like that: more than x invalid recipients, and you're firewalled away. That's

Re: [Mimedefang] dictionary attacks looking for a valid user

2005-12-16 Thread David F. Skoll
Steffen Kaiser wrote: After reading these two paragraphs some worrying struck me: In opposite to SSH connections you cannot assume that the attacker sits on the other side of a SMTP communication. Maybe the server just relays the mail or is a huge mail hoster (say, hotmail, gmail, aol),

Re: [Mimedefang] dictionary attacks looking for a valid user

2005-12-16 Thread Ben Kamen
Steffen Kaiser wrote: Actually, there was a patch for sendmail posted to comp.mail.sendmail for a feature drop connection if number of bad recipients exceeds n. http://groups.google.com/group/comp.mail.sendmail/browse_thread/thread/5203bd02a5d9f8f3 Problem is, I've seen a lot of attacks

Re: [Mimedefang] dictionary attacks looking for a valid user

2005-12-16 Thread Kenneth Porter
--On Friday, December 16, 2005 10:55 AM -0500 Kevin A. McGrail [EMAIL PROTECTED] wrote: Also, for my own personal setup since I use virtusertables as well, I have set a very hard-coded check in filter_recipient like this: Is that looking for custom recipient names that you've registered

RE: [Mimedefang] dictionary attacks looking for a valid user

2005-12-16 Thread Gary Funck
From: David F. Skoll Sent: Thursday, December 15, 2005 1:53 PM Unfortunately, MIMEDefang only sees exactly what was in the RCPT TO: command. It doesn't know the results of virtusertable changes. (Though it occurs to me that it can see the mailer, so if you map invalid addresses to

Re: [Mimedefang] dictionary attacks looking for a valid user

2005-12-16 Thread David F. Skoll
Gary Funck wrote: Can the socket map feature be put to work here? Unfortunately, a filter_map call is called outside the context of a message -- in other words, there's no way to associate a filter_map call with a milter session. The SOCKETMAP support was added so our commercial CanIt products

Re: [Mimedefang] dictionary attacks looking for a valid user

2005-12-16 Thread Jan Pieter Cornet
On Fri, Dec 16, 2005 at 04:11:52PM -0500, David F. Skoll wrote: Can the socket map feature be put to work here? Unfortunately, a filter_map call is called outside the context of a message -- in other words, there's no way to associate a filter_map call with a milter session. Well, in

Re: [Mimedefang] dictionary attacks looking for a valid user

2005-12-16 Thread Kevin A. McGrail
I had too many issues with +'s not working with websites and some of my email addresses being handled by a mixture of Linux and Exchange that I gave up and abandoned it. Is that looking for custom recipient names that you've registered with? If so, have you tried plussed addresses? A lot of web

[Mimedefang] dictionary attacks looking for a valid user

2005-12-15 Thread Alex Moore
I have not seen this topic discussed. BTW, I appreciate the recent thread on greylisting. Spammer scenario: A spammer tries many times to find a user with something like a dictionary attack or a list of commonly used user names. How can I set up a rule in MIMEDefang to define those transactions?

Re: [Mimedefang] dictionary attacks looking for a valid user

2005-12-15 Thread Jan Pieter Cornet
On Thu, Dec 15, 2005 at 03:05:45PM -0600, Alex Moore wrote: A spammer tries many times to find a user with something like a dictionary attack or a list of commonly used user names. How can I set up a rule in MIMEDefang to define those transactions? Say when a smtp server tries 10 times

Re: [Mimedefang] dictionary attacks looking for a valid user

2005-12-15 Thread David F. Skoll
Jan Pieter Cornet wrote: It's tricky. I haven't done this yet but I'm sort of planning to. One possibility is to make sure all valid addresses are in virtusertable, and all invalid addresses map to some magic token that sendmail believes is valid, but really isn't. You could catch the magic

Re: [Mimedefang] dictionary attacks looking for a valid user

2005-12-15 Thread Kelson
Alex Moore wrote: How can I set up a rule in MIMEDefang to define those transactions? Say when a smtp server tries 10 times within a short time period and is sent a 550 code each time. I think that it would be appropriate to have MD just blacklist that address. Is that possible? I want to ignore

RE: [Mimedefang] dictionary attacks looking for a valid user

2005-12-15 Thread Mack
60ish% using this (since you never receive it) the rest is caught by SpamAssassin -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Alex Moore Sent: 15 December 2005 21:06 To: mimedefang@lists.roaringpenguin.com Subject: [Mimedefang] dictionary attacks

Re: [Mimedefang] dictionary attacks looking for a valid user

2005-12-15 Thread Alex Moore
On Thu, 15 Dec 2005 22:49:20 +0100 Jan Pieter Cornet [EMAIL PROTECTED] wrote: It's tricky. I haven't done this yet but I'm sort of planning to. One possibility is to make sure all valid addresses are in virtusertable, and all invalid addresses map to some magic token that sendmail believes is

Re: [Mimedefang] dictionary attacks looking for a valid user

2005-12-15 Thread Ben Kamen
Jan Pieter Cornet wrote: On Thu, Dec 15, 2005 at 03:05:45PM -0600, Alex Moore wrote: A spammer tries many times to find a user with something like a dictionary attack or a list of commonly used user names. How can I set up a rule in MIMEDefang to define those transactions? Say when a smtp

Re: [Mimedefang] dictionary attacks looking for a valid user

2005-12-15 Thread Ian Mitchell
From: Jan Pieter Cornet [EMAIL PROTECTED] Subject: Re: [Mimedefang] dictionary attacks looking for a valid user An easier solution might be to have a process tail(1) your logfile and take action on the information there. I think I've even seen something like that: more than x invalid

Re: [Mimedefang] dictionary attacks looking for a valid user

2005-12-15 Thread Jan Pieter Cornet
On Thu, Dec 15, 2005 at 04:53:13PM -0500, David F. Skoll wrote: It's tricky. I haven't done this yet but I'm sort of planning to. One possibility is to make sure all valid addresses are in virtusertable, and all invalid addresses map to some magic token that sendmail believes is valid, but

Re: [Mimedefang] dictionary attacks looking for a valid user

2005-12-15 Thread Kelsey Cummings
On Thu, Dec 15, 2005 at 10:49:20PM +0100, Jan Pieter Cornet wrote: An easier solution might be to have a process tail(1) your logfile and take action on the information there. I think I've even seen something like that: more than x invalid recipients, and you're firewalled away. This works

Re: [Mimedefang] dictionary attacks looking for a valid user

2005-12-15 Thread Paul Whittney
Little off the topic here.. On Thu, Dec 15, 2005 at 10:49:20PM +0100, Jan Pieter Cornet wrote: An easier solution might be to have a process tail(1) your logfile and take action on the information there. I think I've even seen something like that: more than x invalid recipients, and you're

Re: [Mimedefang] dictionary attacks looking for a valid user

2005-12-15 Thread David F. Skoll
Paul Whittney wrote: I've been thinking about that, but it was more for a realtime iptables, or realtime email monitoring for stats that doesn't involve tail the whole log, or open log every 5 minutes. tail -F works well, and is close enough to real-time that the delay is irrelevant.