Re: [Exim] Dictionary attack defense

Top Page
This message is part of the following thread:
M\the complete thread tree sorted by date
MMOdhiambo Washington at <-
MAlan J. Flavell at ->
Delete this message
Reply to this message
Author: Rossz Vamos-Wentworth
Date:  
To: exim-users
Subject: Re: [Exim] Dictionary attack defense
> On Tue, 9 Sep 2003, Odhiambo G. Washington wrote:
>
> it was counted as a failed recipient, and so, after a
> certain number was reached, the logic of the ACL
> blacklisted this rather important source of mail as
> being a dictionary attacker. It took some time before this
> error then came to light, meantime we were refusing all
> non-postmaster mail from that source.

Wouldn't it be a good idea to send a message to yourself (or whomever
is responsible) whenever someone is blacklisted for a dictionary
attack? I can't imagine too many blocks kick in so this wouldn't be
a heavy burden. I'd also suggest not tying your anti-dictionary
attack script to blacklist results to avoid this happening again.
The script should ONLY count attempts at sending to non-existent
accounts.

Rossz

--
Fogalmam sincs, mi van ide írva.



This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [Exim] Wishlist # 189 reduxRe: [Exim] Dictionary attack defense->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)