Re: [Exim] Different Teergrub/Dictinary Attack

Top Page
This message is part of the following thread:
M\the complete thread tree sorted by date
MMTony Earnshaw at <-
.MSheldon Hearn at ->
Delete this message
Reply to this message
Author: Alan J. Flavell
Date:  
To: Exim users list
Subject: Re: [Exim] Different Teergrub/Dictinary Attack
On Fri, 12 Sep 2003, Tony Earnshaw wrote:

> > Don't forget that if you _do_ decide to finish the party by refusing
> > to talk SMTP to them, or even dropping them at the firewall, then
> > a bona fide sender who has been misidentified has no way to even
> > contact the postmaster to discuss the problem.
>
> Why?

As I said: if you react to (what you identify as) a series of
dictionary scans by subsequently refusing to talk SMTP to them
(putting their IP into host_reject_connection or equivalent, or
blocking them in your firewall), then you're not going to find out
that they're subsequently trying to discuss the problem with your
postmaster address.

> I've cut off dictionary attacks. Mail to postmaster *or* abuse
> should be accepted, whatever happens.

Then you haven't stopped talking SMTP to them, OK. I was only
cautioning readers about a possible consequence of doing so.

cheers


This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [Exim] Different Teergrub/Dictinary AttackRe: [Exim] connection refused->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)