Re: spambots and dictionary attacks



rowland onobrauche wrote:
I would like to hear from anyone that has successfully blocked
spambots or dictionary attacks without the need of another server in
between your mailserver and the senders.

The only effective solution I've found in these cases is to maintain a whitelist of the valid addresses for the domains I manage and block the rest. I'm not an exim user, so I can't help with details. Luckily most of my clients are small businesses or nonprofits with fewer than a hundred employees and fairly limited turnover rates. Obviously this isn't easy to implement if you're receiving mail for thousands of users, but it is effective.

If all the mail for a domain is routed to a single mailbox, you can implement whitelisting with a bunch of procmail rules in the mailbox owner's .procmailrc. Something like:

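# Deliver mail addressed to a known-good address
:0
* ^TO.*okaddress1@xxxxxxxxxxxxxx
$DEFAULT

:0
* ^TO.*okaddress2@xxxxxxxxxxxxxx
$DEFAULT

# [repeat as needed]

# Anything else addressed to the domain is discarded
:0
* ^TO.*yourdomain\.com
/dev/null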

or replace "/dev/null" with some spam mailbox if you're more risk-averse. This has the advantage that you only need privileges in the domain owner's account; SMTP-level solutions usually require root privileges. See "man procmailrc" and "man procmailex" for more details.


Peter
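
Added example, not part of Peter's message: the same whitelist-then-discard order expressed in Python over constructed messages, comparing whole addresses so that a guessed address such as malice@ is not accepted just because it ends in a whitelisted one. The domain example.org, the addresses and the function names are assumptions made for the illustration.

```python
import email
from email.utils import getaddresses

# Assumptions: example.org stands in for the managed domain; addresses are constructed.
DOMAIN = "example.org"
WHITELIST = {"alice@example.org", "bob@example.org"}
# Headers carrying recipients, roughly those covered by procmail's ^TO macro.
RCPT_HEADERS = ("To", "Cc", "Resent-To", "Resent-Cc", "X-Envelope-To", "Apparently-To")


def recipients(msg):
    """Collect every recipient address from the headers, lower-cased."""
    values = []
    for name in RCPT_HEADERS:
        values.extend(msg.get_all(name, []))
    return {addr.lower() for _, addr in getaddresses(values) if addr}


def classify(raw, whitelist=WHITELIST, domain=DOMAIN):
    """Mirror the recipe order: whitelist hit, then domain catch-all, then fall through."""
    rcpts = recipients(email.message_from_string(raw))
    if rcpts & whitelist:
        return "deliver"        # a valid address is named: $DEFAULT
    if any(r.endswith("@" + domain) for r in rcpts):
        return "discard"        # only unknown local parts: /dev/null or a spam box
    return "fallthrough"        # domain not in the headers (e.g. Bcc): normal delivery


# Constructed sample messages; only the headers matter here.
SAMPLES = {
    "valid": "From: a@sender.test\nTo: Alice <alice@example.org>\nSubject: hi\n\nbody\n",
    "guess": "From: x@sender.test\nTo: admin@example.org, info@example.org\n\nbody\n",
    "suffix": "From: x@sender.test\nTo: malice@example.org\n\nbody\n",
    "mixed": "From: x@sender.test\nTo: zzz@example.org\nCc: BOB@Example.org\n\nbody\n",
    "bcc": "From: l@list.test\nTo: list@list.test\n\nbody\n",
}


def triage(samples=SAMPLES):
    """Classify every sample and return {name: verdict}."""
    return {name: classify(raw) for name, raw in samples.items()}


if __name__ == "__main__":
    for name, verdict in triage().items():
        print(f"{name:8} {verdict}")
```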