[Mimedefang] dictionary attacks looking for a valid user

Alex Moore asmoore at edge.net
Thu Dec 15 16:05:45 EST 2005


I have not seen this topic discussed.  BTW, I appreciate the recent
thread on greylisting.

Spammer scenario:
A spammer tries many times to find a user with something like a
dictionary attack or a list of commonly used user names.

How can I setup a rule in MIMEDefang to define those transactions?  Say
when a smtp server tries 10 times within a short time period and is sent
a 550 code each time. I think that it would appropriate to have MD just
blacklist that address. Is that possible?  I want to ignore them
completely after this event has occurred.

Ideas?

Thanks, Alex

-- 


More information about the MIMEDefang mailing list