Focus on Linux
spambots and dictionary attacks Nov 17 2006 04:02PM
rowland onobrauche (rowland onobrauche legendplc com) (3 replies)
Re: spambots and dictionary attacks Nov 17 2006 11:11PM
Greg Metcalfe (metcalfegreg qwest net)
Re: spambots and dictionary attacks Nov 17 2006 07:18PM
Peter H. Lemieux (phl cyways com) (1 replies)
Re: spambots and dictionary attacks Nov 20 2006 12:43PM
rowland onobrauche (rowland onobrauche legendplc com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Peter H. Lemieux wrote:

> rowland onobrauche wrote:
>
>> I would like to hear from anyone that has successfully blocked
>> spambots or dictionary attacks without the need of another server
>> in between your mailserver and the senders.
>
>
> The only effective solution I've found in these cases is to
> maintain a whitelist of the valid addresses for the domains I
> manage and block the rest. I'm not an exim user, so I can't help
> with details. Luckily most of my clients are small businesses or
> nonprofits with fewer than a hundred employees and fairly limited
> turnover rates. Obviously this isn't easy to implement if you're
> receiving mail for thousands of users, but it is effective.
>
> If all the mail for a domain is routed to a single mailbox, you can
> implement whitelisting with a bunch of procmail rules in the
> mailbox owner's .procmailrc. Something like:
>
> :0
> * ^TO.*okaddress1@yourdomain.com
> $DEFAULT
>
> :0
> * ^TO.*okaddress2@yourdomain.com
> $DEFAULT
>
> [repeat as needed]
>
> :0
> * ^TO.*yourdomain.com
> /dev/null
>
> or replace "/dev/null" with some spam mailbox if you're more
> risk-averse. This has the advantage that you only need privileges
> in the domain owner's account; SMTP-level solutions usually require
> root privileges. See "man procmailrc" and "man procmailex" for
> more details.
>
>
> Peter

Many thanks Peter.
I'm familiar with procmail, but I'm looking for a way of blocking the
connection before the SMTP commands have even got to the DATA stage.

rowland
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD8DBQFFYaMKn71Wg8vs0SURAgznAJoCN7NdDfw1PYqURtgDk+7eqJ29WQCfanBr
I2rsLZEkB/hrSpUIIcf8FeM=
=JZg2
-----END PGP SIGNATURE-----
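
The recipient whitelist from Peter's reply, applied at the RCPT TO stage that rowland asks about, as an added example that is not part of the original thread or of any MTA's code. The `RcptPolicy` class, the threshold of three unknown recipients, the per-IP counters and the reply texts are assumptions; the sample sessions are constructed.

```python
from collections import defaultdict

# Whitelist built from the placeholder addresses in the quoted procmail rules.
VALID = {"okaddress1@yourdomain.com", "okaddress2@yourdomain.com"}
MAX_UNKNOWN = 3  # assumed threshold: unknown recipients tolerated per client IP


class RcptPolicy:
    """Choose the SMTP reply at RCPT TO, so unwanted mail never reaches DATA."""

    def __init__(self, valid=VALID, max_unknown=MAX_UNKNOWN):
        self.valid = {a.lower() for a in valid}  # simplification: case-insensitive
        self.max_unknown = max_unknown
        self.unknown = defaultdict(int)   # client IP -> rejected RCPT count
        self.accepted = defaultdict(int)  # client IP -> accepted RCPT count

    def rcpt(self, ip, arg):
        if self.unknown[ip] >= self.max_unknown:
            # Guessing pattern of a dictionary attack: stop answering this client.
            return "421 too many unknown recipients, closing connection"
        addr = arg.strip().strip("<>").lower()
        if addr in self.valid:
            self.accepted[ip] += 1
            return "250 OK"
        self.unknown[ip] += 1
        return "550 5.1.1 no such user"

    def data(self, ip):
        # RFC 5321 permits 554 at DATA when every RCPT was rejected.
        if self.accepted[ip] == 0:
            return "554 no valid recipients"
        return "354 go ahead"


def replay(policy, events):
    """Run constructed (ip, verb, arg) events; return the reply codes."""
    replies = [policy.rcpt(ip, arg) if verb == "RCPT" else policy.data(ip)
               for ip, verb, arg in events]
    return [r.split()[0] for r in replies]


# Constructed sessions; 192.0.2.0/24 is a documentation address range.
GUESSER = [("192.0.2.10", "RCPT", f"<{n}@yourdomain.com>")
           for n in ("admin", "info", "sales", "okaddress1")]
LEGIT = [("192.0.2.20", "RCPT", "<OKaddress2@yourdomain.com>"),
         ("192.0.2.20", "DATA", "")]

if __name__ == "__main__":
    p = RcptPolicy()
    print(replay(p, GUESSER), replay(p, LEGIT))
```

In this model the fourth guess is refused even though it names a valid mailbox, because the client has already exceeded the unknown-recipient threshold.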

Re: spambots and dictionary attacks Nov 17 2006 06:51PM
Hans Wolters (php xs4all nl)


 

Copyright 2010, SecurityFocus