Focus on Linux
spambots and dictionary attacks Nov 17 2006 04:02PM
rowland onobrauche (rowland onobrauche legendplc com) (3 replies)
Re: spambots and dictionary attacks Nov 17 2006 11:11PM
Greg Metcalfe (metcalfegreg qwest net)
Re: spambots and dictionary attacks Nov 17 2006 07:18PM
Peter H. Lemieux (phl cyways com) (1 replies)
rowland onobrauche wrote:
> I would like to hear from anyone that has successfully blocked
> spambots or dictionary attacks without the need of another server in
> between your mailserver and the senders.

The only effective solution I've found in these cases is to maintain a
whitelist of the valid addresses for the domains I manage and block the
rest. I'm not an exim user, so I can't help with details. Luckily most
of my clients are small businesses or nonprofits with fewer than a
hundred employees and fairly limited turnover rates. Obviously this
isn't easy to implement if you're receiving mail for thousands of users,
but it is effective.

If all the mail for a domain is routed to a single mailbox, you can
implement whitelisting with a bunch of procmail rules in the mailbox
owner's .procmailrc. Something like:

:0
* ^TO.*okaddress1@yourdomain.com
$DEFAULT

:0
* ^TO.*okaddress2@yourdomain.com
$DEFAULT

[repeat as needed]

:0
* ^TO.*yourdomain.com
/dev/null

or replace "/dev/null" with some spam mailbox if you're more risk-averse.
This has the advantage that you only need privileges in the domain
owner's account; SMTP-level solutions usually require root privileges.
See "man procmailrc" and "man procmailex" for more details.

Peter

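Added example, not part of the message above: a Python script that generates the whitelist recipes from a list of valid addresses instead of repeating them by hand. It assumes procmail's ^TO_ macro, so that a whitelisted local part does not also match as the tail of a longer one, and it backslash-escapes dots so they match literally; the function names and sample addresses are constructed for illustration.

```python
import re

# Characters with special meaning in procmail's egrep-style regexes.
_SPECIAL = set(".^$*+?()[]{}|\\")


def rc_escape(text):
    """Backslash-escape regex metacharacters so the text matches literally."""
    return "".join("\\" + c if c in _SPECIAL else c for c in text)


def build_procmailrc(addresses, domain, reject_to="/dev/null"):
    """Return .procmailrc text: one delivery recipe per valid address,
    then a catch-all for anything else addressed to the domain."""
    domain = domain.lower()
    seen, recipes = set(), []
    for raw in addresses:
        addr = raw.strip().lower()   # procmail matches case-insensitively
        if not addr or addr.startswith("#"):
            continue                 # allow blanks and comments in the list
        local, _, dom = addr.rpartition("@")
        if not local or dom != domain or re.search(r"\s", addr):
            raise ValueError("not a valid address in %s: %r" % (domain, raw))
        if addr in seen:
            continue                 # skip duplicates
        seen.add(addr)
        recipes.append(":0\n* ^TO_%s\n$DEFAULT\n" % rc_escape(addr))
    if not recipes:
        # With no whitelist entries the catch-all would discard every message.
        raise ValueError("empty whitelist would discard all mail")
    # Catch-all recipe: must come last, after every whitelisted address.
    recipes.append(":0\n* ^TO_.*@%s\n%s\n" % (rc_escape(domain), reject_to))
    return "\n".join(recipes)


# Constructed sample whitelist (placeholder addresses, as in the message).
SAMPLE = ["okaddress1@yourdomain.com", "OKaddress2@yourdomain.com ",
          "okaddress1@yourdomain.com"]

if __name__ == "__main__":
    # "spam" is a hypothetical mailbox name for the risk-averse variant.
    print(build_procmailrc(SAMPLE, "yourdomain.com", reject_to="spam"))
```

Review the generated file before installing it as .procmailrc, since every address missing from the list will be dropped or diverted.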
Re: spambots and dictionary attacks Nov 20 2006 12:43PM
rowland onobrauche (rowland onobrauche legendplc com)
Re: spambots and dictionary attacks Nov 17 2006 06:51PM
Hans Wolters (php xs4all nl)
Copyright 2010, SecurityFocus