Re: [Exim] Different Teergrub/Dictinary Attack

Góra strony
Delete this message
Reply to this message
Autor: Alan J. Flavell
Data:  
Dla: Exim users list
Temat: Re: [Exim] Different Teergrub/Dictinary Attack
On Fri, 12 Sep 2003, Tony Earnshaw wrote:

> > Don't forget that if you _do_ decide to finish the party by refusing
> > to talk SMTP to them, or even dropping them at the firewall, then
> > a bona fide sender who has been misidentified has no way to even
> > contact the postmaster to discuss the problem.
>
> Why?


As I said: if you react to (what you identify as) a series of
dictionary scans by subsequently refusing to talk SMTP to them
(putting their IP into host_reject_connection or equivalent, or
blocking them in your firewall), then you're not going to find out
that they're subsequently trying to discuss the problem with your
postmaster address.

> I've cut off dictionary attacks. Mail to postmaster *or* abuse
> should be accepted, whatever happens.


Then you haven't stopped talking SMTP to them, OK. I was only
cautioning readers about a possible consequence of doing so.

cheers