[Mimedefang] dictionary attacks looking for a valid user

David F. Skoll dfs at roaringpenguin.com
Thu Dec 15 23:26:08 EST 2005


Paul Whittney wrote:

> I've been thinking about that, but it was more for a realtime iptables,
> or realtime email monitoring for stats that doesn't involve "tail the
> whole log", or "open log every 5 minutes".

"tail -F" works well, and is close enough to real-time that the delay
is irrelevant.

> Perhaps this can be used here;
> syslog to a pipe, open the pipe in a process as read/write (doesn't stop
> the reading when logrotate and friends move the files,

GNU tail's "-F" option to the rescue! :-)

> Also, doesn't sendmail cope with rcpt/connection flooding?

Not well.

Regards,

David.


More information about the MIMEDefang mailing list