[Mimedefang] Re: dictionary attacks looking for a valid user

Kelson Vibber kelson at speed.net
Thu Dec 29 15:23:25 EST 2005


Joseph Brennan wrote:
> To some extent I've reduced the problem with--
>     define(`confBAD_RCPT_THROTTLE', `2')
> --in sendmail.mc, cutting down on how many addresses they can check.
> The concept was that zombies don't queue and re-try.  However our logs
> recently have evidence that now they do re-try.

Um.... that doesn't cut them off after two hits, it just causes the 
server to pause before acknowledging each subsequent recipient the 
client asks for in that session.

It ties up the attacker's resources a bit longer, and it cuts down on 
the amount of your bandwidth that they suck.

There is also confMAX_RCPTS_PER_MESSAGE, which limits the total number 
of recipients any message can target.  But that includes valid recipients.

-- 
Kelson Vibber
SpeedGate Communications, <www.speed.net>


More information about the MIMEDefang mailing list