Re: spambots and dictionary attacks




On 17-nov-2006, at 17:02, rowland onobrauche wrote:


I would like to hear from anyone that has successfully blocked
spambots or dictionary attacks without the need of another server in
between your mailserver and the senders.
The mailserver on my end is Exim and it is actually a virtual server,
so I cannot really edit the exim.conf file, but have access to access,
virtusertable, trustedusers and sendmail.cw.

One thing to block about 90% or more of the attempts made by botnets
is preventing them from mailing you by logging wrongly used HELOs on the MTA.

I am running a script on my mail logs daily that logs every attempt and
stores it, in this situation, in the Spamikaze database.

http://spamikaze.is-a-geek.org/~hans/prevent.pl

If the storeip subroutine were altered, you could also log it to a file in a
format that Exim uses to block IP numbers. There is one in the current
Spamikaze instance afaik.

http://spamikaze.org/

Best regards,

Hans
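
A sketch of the approach described in the reply above, added here as an illustration; it is not the prevent.pl script or any Spamikaze code. It assumes Exim's main-log `H=(helo) [ip]` host field, and the three HELO checks, the server names and the addresses are assumptions made for this example, since the post does not say which HELO values it treats as wrongly used.

```python
import ipaddress
import re
from collections import defaultdict

# Assumed identity of the receiving server (placeholders for this example).
OUR_NAMES = {"mail.example.org", "example.org"}
OUR_IPS = {"192.0.2.25"}

# Exim main-log host field: "H=(helo) [ip]" or "H=rdns.name (helo) [ip]".
HOST_RE = re.compile(r"\bH=(?:\S+ )?\((?P<helo>[^)]*)\) \[(?P<ip>[0-9A-Fa-f.:]+)\]")

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    "2006-11-17 03:12:44 H=(mail.example.org) [198.51.100.7] F=<x@spam.invalid> rejected RCPT <info@example.org>: relay not permitted",
    "2006-11-17 03:12:51 H=(203.0.113.9) [203.0.113.9] F=<> rejected RCPT <sales@example.org>: Unknown user",
    "2006-11-17 03:13:02 H=relay.partner.example (smtp.partner.example) [192.0.2.80] F=<bob@partner.example> rejected RCPT <old@example.org>: Unknown user",
    "2006-11-17 03:14:10 H=([192.0.2.25]) [198.51.100.7] F=<y@spam.invalid> rejected RCPT <info@example.org>: relay not permitted",
]

def helo_problem(helo):
    """Return a reason if the HELO argument is one a well-behaved client would not send."""
    name = helo.strip().rstrip(".").lower()
    if name in OUR_NAMES:
        return "claims our hostname"
    if name.strip("[]") in OUR_IPS:
        return "claims our IP address"
    try:
        ipaddress.ip_address(name)   # "[1.2.3.4]" is a valid literal and fails here
    except ValueError:
        return None
    return "bare IP address instead of [literal]"

def scan(lines):
    """Map each offending client IP to the set of reasons seen in the log."""
    hits = defaultdict(set)
    for line in lines:
        m = HOST_RE.search(line)
        if not m or m["ip"] in OUR_IPS:
            continue  # no HELO logged, or the connection came from ourselves
        reason = helo_problem(m["helo"])
        if reason:
            hits[m["ip"]].add(reason)
    return dict(hits)

def exim_hostlist(hits):
    """One address per line, the form Exim reads when a host list names a file."""
    return "".join(f"{ip}\n" for ip in sorted(hits))

if __name__ == "__main__":
    print(exim_hostlist(scan(SAMPLE_LOG)), end="")
```

Legitimate clients behind misconfigured gateways sometimes send odd HELO values too, so review the reasons returned by `scan` before feeding the list to a blocking rule.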