Focus on Linux
Re: spambots and dictionary attacks Nov 20 2006 02:08PM
Peter H. Lemieux (phl cyways com)
>> rowland onobrauche wrote:

>>> I would like to hear from anyone that has successfully blocked
>>> spambots or dictionary attacks without the need of another server
>>> in between your mailserver and the senders.

>> Peter H. Lemieux wrote:
>> The only effective solution I've found in these cases is to
>> maintain a whitelist of the valid addresses for the domains I
>> manage and block the rest.
>> [...]
>> If all the mail for a domain is routed to a single mailbox, you can
>> implement whitelisting with a bunch of procmail rules in the
>> mailbox owner's .procmailrc.

> Many thanks Peter.
> I'm familiar with procmail, but I'm looking for a way of blocking the
> connection before the smtp commands have even got to the DATA stage.

Dear Rowland,

At the SMTP level I use the excellent store-and-forward smtp daemon
written by Obtuse Systems in the mid-1990s and released under an
open-source license. They no longer maintain the code, but it has been
taken over by a volunteer and is listed on Freshmeat
http://freshmeat.net/projects/smtpd-sd/.

This daemon allows you to write rules based on the server's sender IP and
reverse-hostname and the MAIL FROM and RCPT TO addresses in the SMTP
exchange. So I maintain client whitelists by including a set of rules
allowing the valid addresses through and denying the rest. (It also runs
in a chrooted environment for additional security.)

I didn't mention this approach because you ruled out solutions that might
require another server. It is possible to use smtpd on the same server
as your MTA, but it takes a bit of work. I don't use exim so I don't
know how easy this would be for you.

All my incoming mail arrives on the server running smtpd which then
forwards the permitted traffic on to my scanning server (running
MailScanner, ClamAV and SpamAssassin). This has worked quite well over a
period of years.

I suggested the procmail approach because it wasn't clear how much
control you had over the server (is it yours?). The procmail solution
would work even in a hosted environment, while you'd obviously need to be
the server's owner to change the smtp daemon and MTA.

Peter

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
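
The recipient whitelisting described in the message above, as an added example that is not part of the original post and does not use smtpd's own rule syntax: a Python sketch of the envelope decision, where unknown RCPT TO addresses are refused before the DATA stage. The addresses, the reply texts and the `MAX_BAD_RCPTS` cutoff (which goes beyond the post by dropping clients that keep guessing) are assumptions.

```python
import re

# Constructed whitelist: the only addresses that exist for the managed domain.
VALID_RCPTS = {"sales@example.org", "peter@example.org"}
MAX_BAD_RCPTS = 3  # assumption: drop clients that guess this many bad addresses

_PATH = re.compile(r"^(MAIL FROM|RCPT TO):\s*<([^<>\s]*)>", re.IGNORECASE)

def envelope_replies(commands, valid=VALID_RCPTS, max_bad=MAX_BAD_RCPTS):
    """Return the server reply to each SMTP envelope command, in order."""
    replies, sender, accepted, bad = [], None, [], 0
    for line in commands:
        verb = line.strip().upper()
        m = _PATH.match(line.strip())
        if verb.startswith(("HELO", "EHLO")):
            replies.append("250 hello")
        elif m and m.group(1).upper() == "MAIL FROM":
            sender, accepted = m.group(2), []  # "" is the null sender <>
            replies.append("250 sender ok")
        elif m and m.group(1).upper() == "RCPT TO":
            if sender is None:
                replies.append("503 need MAIL FROM first")
            elif m.group(2).lower() in valid:
                accepted.append(m.group(2).lower())
                replies.append("250 recipient ok")
            else:
                bad += 1
                if bad >= max_bad:
                    replies.append("421 too many unknown recipients, closing")
                    break  # connection dropped; later commands are never read
                replies.append("550 no such user")
        elif verb == "DATA":
            # A message body is only accepted if a whitelisted RCPT exists.
            replies.append("354 send message" if accepted
                           else "554 no valid recipients")
        elif verb == "QUIT":
            replies.append("221 bye")
            break
        else:
            replies.append("500 unrecognized command")
    return replies
```

Because every rejection happens at RCPT TO, a client that only guesses addresses never gets a 354 and never transmits a message body.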

Copyright 2010, SecurityFocus