Tabor J. Wells wrote:
> On Thu, Dec 12, 2002 at 03:14:44PM -0700,
> Kevin P. Fleming is thought to have said:
>
>
> >Anyone have any more suggestions?
>
>
> You could look for attempted dictionary attacks for any host by using
> $rcpt_fail_count and start delaying when it reachs some threshold.
>
True... I've only seen a few (less than six) dictionary attacks so far, but
that's a good idea (and easy enough to implement).
deny domains = +local_domains
message = unknown user
delay = ${if >{$rcpt_fail_count}{1} {${eval:30*$rcpt_fail_count}}{0}}s
! verify = recipient
Or something like that... I've yet to try it.
