Focus on Linux
spambots and dictionary attacks Nov 17 2006 04:02PM
rowland onobrauche (rowland onobrauche legendplc com) (3 replies)
Re: spambots and dictionary attacks Nov 17 2006 11:11PM
Greg Metcalfe (metcalfegreg qwest net)
Re: spambots and dictionary attacks Nov 17 2006 07:18PM
Peter H. Lemieux (phl cyways com) (1 replies)
Re: spambots and dictionary attacks Nov 20 2006 12:43PM
rowland onobrauche (rowland onobrauche legendplc com)
Re: spambots and dictionary attacks Nov 17 2006 06:51PM
Hans Wolters (php xs4all nl)

On 17-nov-2006, at 17:02, rowland onobrauche wrote:

>
> I would like to hear from anyone that has successfully blocked
> spambots or dictionary attacks without the need of another server in
> between your mailserver and the senders.
> The mailserver on my end is exim and it is actually a virtual server,
> so I cannot really edit the exim.conf file, but have access to access,
> virtusertable, trustedusers and sendmail.cw.

One thing to block about 90% or more of the attempts made by botnets
is to prevent them from mailing you by logging wrongly used HELOs on
the MTA.

I am running a script on my mail logs daily that logs every attempt
and stores it, in this situation, in the spamikaze database.

http://spamikaze.is-a-geek.org/~hans/prevent.pl

If the storeip subroutine were altered, you could also log it to a
file in a format that exim uses to block IP numbers. There is one in
the current spamikaze instance afaik.

http://spamikaze.org/

Best regards,

Hans
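
The log-scanning approach described in this message, as an added Python example that is not part of the original post and is not Hans's prevent.pl. The rules for a "wrongly used" HELO, the server names in `OWN_NAMES`/`OWN_IPS`, the one-address-per-line output and the sample log lines are all assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumption: names and addresses that identify our own mail server.
OWN_NAMES = {"mail.example.org", "example.org"}
OWN_IPS = {"192.0.2.25"}

# Exim mainlog host field: "H=(helo) [ip]" or "H=rdns.name (helo) [ip]".
HOST_RE = re.compile(r"\bH=(?:\S+ )?\(([^)]*)\) \[([^\]]+)\]")

# Constructed sample lines in exim mainlog rejection format.
SAMPLE_LOG = """\
2006-11-17 16:02:11 H=(mail.example.org) [198.51.100.4] F=<a@spam.invalid> rejected RCPT <bob@example.org>: relay not permitted
2006-11-17 16:02:15 H=(203.0.113.7) [203.0.113.7] F=<b@spam.invalid> rejected RCPT <amy@example.org>: unknown user
2006-11-17 16:03:40 H=relay.example.net (smtp.example.net) [192.0.2.80] F=<c@example.net> rejected RCPT <zed@example.org>: unknown user
2006-11-17 16:04:02 H=(WINXP-PC) [198.51.100.77] F=<d@spam.invalid> rejected RCPT <joe@example.org>: unknown user
""".splitlines()

def helo_is_suspect(helo, peer_ip):
    """Return a reason string if the HELO looks wrongly used, else None."""
    name = helo.strip().lower().rstrip(".")
    if name in OWN_NAMES or name.strip("[]") in OWN_IPS:
        return "claims to be us"
    try:
        ipaddress.ip_address(name)
        return "bare IP without brackets"
    except ValueError:
        pass
    if name.startswith("[") and name.endswith("]"):
        lit = name[1:-1]
        if lit.startswith("ipv6:"):
            lit = lit[5:]
        return None if lit == peer_ip else "address literal does not match peer"
    return None if "." in name else "unqualified name"

def scan(lines):
    """Map each offending peer IP to the set of reasons it was flagged."""
    hits = {}
    for line in lines:
        m = HOST_RE.search(line)
        reason = helo_is_suspect(m.group(1), m.group(2)) if m else None
        if reason:
            hits.setdefault(m.group(2), set()).add(reason)
    return hits

def blocklist(hits):
    """Render flagged addresses one per line, as a host list file."""
    return "".join(ip + "\n" for ip in sorted(hits))
```

Unqualified HELO names are also sent by misconfigured legitimate clients, so review the reasons in `scan()` output before feeding the list to the MTA.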
