Autor: Juha Saarinen
Data:
A: exim-users
Assumpte: [Exim] Dictionary attack defence ideas?
Some happy chappie decided to run a dictionary attack against my Exim 4.04
installation earlier:
2002-07-08 00:57:35 H=pcp01631504pcs.tybout01.de.comcast.net
(mx.spamcop.net) [68.82.4.229] F=<webmaster@???> rejected RCPT
<amber@???>: Unrouteable address
2002-07-08 00:57:35 H=pcp01631504pcs.tybout01.de.comcast.net
(mx.spamcop.net) [68.82.4.229] F=<webmaster@???> rejected RCPT
<alex@???>: Unrouteable address
2002-07-08 00:57:35 H=pcp01631504pcs.tybout01.de.comcast.net
(mx.spamcop.net) [68.82.4.229] F=<webmaster@???> rejected RCPT
<anne@???>: Unrouteable address
2002-07-08 00:57:35 H=pcp01631504pcs.tybout01.de.comcast.net
(mx.spamcop.net) [68.82.4.229] F=<webmaster@???> rejected RCPT
<alison@???>: Unrouteable address
2002-07-08 00:57:35 H=pcp01631504pcs.tybout01.de.comcast.net
(mx.spamcop.net) [68.82.4.229] F=<webmaster@???> rejected RCPT
<alec@???>: Unrouteable address
2002-07-08 00:57:35 H=pcp01631504pcs.tybout01.de.comcast.net
(mx.spamcop.net) [68.82.4.229] F=<webmaster@???> rejected RCPT
<angie@???>: Unrouteable address
2002-07-08 00:57:35 H=pcp01631504pcs.tybout01.de.comcast.net
(mx.spamcop.net) [68.82.4.229] F=<webmaster@???> rejected RCPT
<amy@???>: Unrouteable address
... etc, ad nauseam.
I've searched Google, and the mailing list archives, but drawn a blank on
finding anything that might be useful to combat dictionary attacks.
Is there a way to e.g. teergrube idiots who bombard your server with lots
of connections? Max_connections_per_host or something?
--
Juha Saarinen