Re: [Exim] Dictionary attack defense

Author: Rossz Vamos-Wentworth
Date:  
To: exim-users
Subject: Re: [Exim] Dictionary attack defense
> On Tue, 9 Sep 2003, Odhiambo G. Washington wrote:
>
> it was counted as a failed recipient, and so, after a
> certain number was reached, the logic of the ACL
> blacklisted this rather important source of mail as
> being a dictionary attacker. It took some time before this
> error then came to light, meantime we were refusing all
> non-postmaster mail from that source.


Wouldn't it be a good idea to send a message to yourself (or whomever
is responsible) whenever someone is blacklisted for a dictionary
attack? I can't imagine too many blocks kick in so this wouldn't be
a heavy burden. I'd also suggest not tying your anti-dictionary
attack script to blacklist results to avoid this happening again.
The script should ONLY count attempts at sending to non-existent
accounts.

Rossz

--
I have no idea what is written here.
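
An added example, not part of the original message and not Exim's own code: a log-side counter that tallies only unknown-recipient rejections per host, ignores blacklist rejections, and builds a notice to the administrator for each host it would block. The log lines, the two rejection reason strings, the threshold and the postmaster address are all constructed assumptions.

```python
import re
from collections import defaultdict
from email.message import EmailMessage

# Constructed sample in the style of Exim reject-log lines. The text after the
# final colon is whatever the local ACL sets; both reason strings are assumed.
SAMPLE_LOG = """\
2003-09-09 10:00:01 H=relay.example [192.0.2.10] F=<a@relay.example> rejected RCPT <bob@example.org>: listed in DNS blacklist
2003-09-09 10:00:02 H=relay.example [192.0.2.10] F=<b@relay.example> rejected RCPT <sue@example.org>: listed in DNS blacklist
2003-09-09 10:00:03 H=relay.example [192.0.2.10] F=<c@relay.example> rejected RCPT <tim@example.org>: listed in DNS blacklist
2003-09-09 10:00:04 H=relay.example [192.0.2.10] F=<d@relay.example> rejected RCPT <tmi@example.org>: Unknown user
2003-09-09 10:05:01 H=(x) [198.51.100.7] F=<> rejected RCPT <aaron@example.org>: Unknown user
2003-09-09 10:05:02 H=(x) [198.51.100.7] F=<> rejected RCPT <abby@example.org>: Unknown user
2003-09-09 10:05:03 H=(x) [198.51.100.7] F=<> rejected RCPT <adam@example.org>: Unknown user
"""

RCPT_REJECT = re.compile(
    r"\[(?P<ip>[0-9A-Fa-f.:]+)\].* rejected RCPT <(?P<rcpt>[^>]*)>: (?P<reason>.*)$")
UNKNOWN_USER = "Unknown user"  # assumed ACL message for a non-existent account
THRESHOLD = 3                  # assumed number of misses before blocking


def find_attackers(log_text, threshold=THRESHOLD):
    """Map each host at or over the threshold to the unknown recipients it tried."""
    misses = defaultdict(list)
    for line in log_text.splitlines():
        m = RCPT_REJECT.search(line)
        # Blacklist and other policy rejections are deliberately not counted.
        if m and m["reason"].strip() == UNKNOWN_USER:
            misses[m["ip"]].append(m["rcpt"].lower())
    return {ip: sorted(r) for ip, r in misses.items() if len(r) >= threshold}


def build_notice(ip, recipients, admin="postmaster@example.org"):
    """Build the mail telling the administrator that a host is being blocked."""
    msg = EmailMessage()
    msg["From"] = msg["To"] = admin
    msg["Subject"] = f"Dictionary-attack block added for {ip}"
    msg.set_content("Unknown recipients attempted:\n" + "\n".join(recipients))
    return msg


if __name__ == "__main__":
    for host, rcpts in find_attackers(SAMPLE_LOG).items():
        print(build_notice(host, rcpts))  # hand to the local MTA in real use
```

The relay at 192.0.2.10 has four rejections in the sample but only one for an unknown account, so it stays below the threshold and is not blocked.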