Author: Soeren Gerlach Date: To: exim-users Subject: [Exim] Possible action best against directory attack for relay server
Hello,
I have a small mail server which serves as a dedicated relay for a couple
of smaller domains. Together with MailScanner, SpamAssassin and a couple
of other tools it works quite well with Exim 3 on a Debian box.
Although the server hasn't become yet a directory attack victim (or
"directory hervesting attack" with some other words) since it's live (3
month until now) I'd like to take some precautions to secure it and am
looking now for the best
approach.
Due to the nature of the MailScanner and relaying functionality the
incoming and outgoing queue are totatally separated. I.e. the incoming
mails are queued up, cleanded and checked by MailScanner and then put into
an outgoing queue. Also the relay does not know about the usernames at the
final domains.
With this configuration I'm a little frightend of the fact that a
directory harvesting attack could try to send thousands of mails from
which 99.999% will be rejected as soon as they reach the outgoing queue.
But as the incoming queue does not know about the users it cannot stop the
whole process.
I assume that using a RLB is recommended in general; which one is to be
considered quite good and reliable (even for a usage fee)?
Is there any other thing I can/should change on the exim installation?
I've currently installed a 3. version but will switch to a 4. version in
the next 2-3 weeks. As the domains are quite small I think of some
throttle like "maximum of 200 mails/relaying domain/hour". Are there some
switches like this available?