From: Don Reiher
Date: 2006-02-04 10:26:02 -0500
Subject: Best defense against dictionary attack

You have a lot of milters!

I am curious as to which milter is most popular for
fending off dictionary attacks.

When I was an ISP (3000 users) I had a script for tar-pitting.
It was called rumplekill.pl.
I cronned it to scan the mail.log every few minutes, counted
"User Unknowns" and then dev/nulled routes from that ip address.
I reset the list each morning to give
it a fresh start.  There were several problems with the method.
Spammers started reducing the number of dictionary attacks per
envelope, and started distributing the load across dozens of
(hijacked?) smtp servers.  I even saw some of them using one
to three emails per envelope (that attack takes about a week
to finish but some spammers seem very patient).
Some of my (stupid?) users would try to do mass mailings
to folks on my own server, and would never bother cleaning
out bad email addresses.
They would trigger the dev/null route, and bingo. . . they
can't pop3 or send mail anymore (or see their own web site)
till the next day.  It was fun.

milter-ahead seems the safest.  I am wondering how it will work
with Groupwise (GWIA).  It seems RFC compliant, so I assume it
would work.

milter-sender seems a little dangerous.  I think some smtp
servers are misconfigured to give up too quickly. . . especially
folks using Micro$oft exchange when they don't know what they
are doing.  I find a lot of corp sysadmins don't know what they
are doing, and their systems are so full of viruses and trojans
that the mail server simply runs very slowly and tends to time
out anyway.

milter-error looks interesting.  I have to look at the code, but
I assume "User Unknown" is the error it looks for.

For a high volume mail relay to a second "real" mail server (i.e.
1,000 hams a day) what would be best?

By the way, Anthony. . . thanks loads for the help with the code.
I hope some others will benefit from that post.

- Don Reiher
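The counting step of the cron-driven method described in the post, as an added Python example that is not the poster's rumplekill.pl: it tallies "User unknown" rejections per connecting IP from sendmail-style log lines and exempts the ISP's own customer ranges so that local users doing sloppy mass mailings do not null-route themselves. The log format, hostnames and addresses are constructed assumptions, not taken from the post.

```python
import ipaddress
import re
from collections import Counter
from typing import Dict, Iterable, List

# Constructed sample lines in a sendmail-like reject format (assumption,
# not real log data). 198.51.100.7 is a probing host, 192.0.2.5 a local
# customer with a stale address list, 203.0.113.9 a single typo.
SAMPLE_LOG = """\
Feb  4 10:01:02 mx sendmail[1001]: k14F12aa001001: ruleset=check_rcpt, arg1=<aaa@example.net>, relay=[198.51.100.7], reject=550 5.1.1 <aaa@example.net>... User unknown
Feb  4 10:01:03 mx sendmail[1002]: k14F13aa001002: ruleset=check_rcpt, arg1=<aab@example.net>, relay=[198.51.100.7], reject=550 5.1.1 <aab@example.net>... User unknown
Feb  4 10:01:05 mx sendmail[1003]: k14F15aa001003: ruleset=check_rcpt, arg1=<aac@example.net>, relay=[198.51.100.7], reject=550 5.1.1 <aac@example.net>... User unknown
Feb  4 10:02:00 mx sendmail[1004]: k14F20aa001004: from=<bob@example.net>, size=1234, relay=[192.0.2.5]
Feb  4 10:02:07 mx sendmail[1005]: k14F27aa001005: ruleset=check_rcpt, arg1=<old@example.net>, relay=[192.0.2.5], reject=550 5.1.1 <old@example.net>... User unknown
Feb  4 10:02:08 mx sendmail[1006]: k14F28aa001006: ruleset=check_rcpt, arg1=<gone@example.net>, relay=[192.0.2.5], reject=550 5.1.1 <gone@example.net>... User unknown
Feb  4 10:02:09 mx sendmail[1007]: k14F29aa001007: ruleset=check_rcpt, arg1=<zzz@example.net>, relay=[192.0.2.5], reject=550 5.1.1 <zzz@example.net>... User unknown
Feb  4 10:03:00 mx sendmail[1008]: k14F30aa001008: ruleset=check_rcpt, arg1=<x@example.net>, relay=[203.0.113.9], reject=550 5.1.1 <x@example.net>... User unknown
"""

# Matches the relaying client IP on a line that ended in a "User unknown" reject.
REJECT_RE = re.compile(r"relay=\[(?P<ip>[0-9.]+)\].*User unknown")


def count_unknowns(lines: Iterable[str]) -> Dict[str, int]:
    """Tally 'User unknown' rejections per connecting IP address."""
    counts: Counter = Counter()
    for line in lines:
        m = REJECT_RE.search(line)
        if m:
            counts[m.group("ip")] += 1
    return dict(counts)


def candidates(counts: Dict[str, int], threshold: int, allow_nets: List[str]) -> List[str]:
    """Return IPs at or above the threshold, skipping the ISP's own customer ranges.

    The allowlist is the guard the post found missing: without it, a local user
    mailing a stale address list trips the same rule as a dictionary attack.
    """
    nets = [ipaddress.ip_network(n) for n in allow_nets]
    hits = []
    for ip, n in counts.items():
        if n < threshold:
            continue
        if any(ipaddress.ip_address(ip) in net for net in nets):
            continue
        hits.append(ip)
    return sorted(hits)


if __name__ == "__main__":
    c = count_unknowns(SAMPLE_LOG.splitlines())
    print(candidates(c, threshold=3, allow_nets=["192.0.2.0/24"]))
```

Because it keys on a single IP, this still misses the distributed, low-rate probing the post describes; a per-network tally or a longer window is the usual next step.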

