Re: spambots and dictionary attacks



rowland onobrauche wrote:

I would like to hear from anyone that has successfully blocked
spambots or dictionary attacks without the need of another server
in between your mailserver and the senders.

Peter H. Lemieux wrote:
>> The only effective solution I've found in these cases is to
>> maintain a whitelist of the valid addresses for the domains I
>> manage and block the rest.
>> [...]
>> If all the mail for a domain is routed to a single mailbox, you can
>> implement whitelisting with a bunch of procmail rules in the
>> mailbox owner's .procmailrc.

Many thanks Peter.
I'm familiar with procmail, but I'm looking for a way of blocking the
connection before the smtp commands have even got to the DATA stage.

Dear Rowland,

At the SMTP level I use the excellent store-and-forward SMTP daemon written by Obtuse Systems in the mid-1990s and released under an open-source license. They no longer maintain the code, but it has been taken over by a volunteer and is listed on Freshmeat at http://freshmeat.net/projects/smtpd-sd/.

This daemon allows you to write rules based on the server's sender IP and reverse-hostname and the MAIL FROM and RCPT TO addresses in the SMTP exchange. So I maintain client whitelists by including a set of rules allowing the valid addresses through and denying the rest. (It also runs in a chrooted environment for additional security.)

I didn't mention this approach because you ruled out solutions that might require another server. It is possible to use smtpd on the same server as your MTA, but it takes a bit of work. I don't use exim so I don't know how easy this would be for you.

All my incoming mail arrives on the server running smtpd which then forwards the permitted traffic on to my scanning server (running MailScanner, ClamAV and SpamAssassin). This has worked quite well over a period of years.

I suggested the procmail approach because it wasn't clear how much control you had over the server (is it yours?). The procmail solution would work even in a hosted environment, while you'd obviously need to be the server's owner to change the smtp daemon and MTA.

Peter
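
The kind of envelope-level policy described in the message above, as an added Python sketch that is not part of the original post and does not use smtpd's own rule syntax: first-match rules over client IP, reverse hostname, MAIL FROM and RCPT TO, with a recipient whitelist and a default deny applied before DATA. The rule layout, the addresses and the per-connection rejection limit are assumptions made for illustration.

```python
# Added illustration: NOT smtpd's rule syntax. Addresses, networks, hostnames
# and the rejection threshold are constructed sample values.
import ipaddress
from fnmatch import fnmatchcase

# First match wins: (action, client network, rDNS glob, MAIL FROM glob, RCPT TO glob)
RULES = [
    ("deny",  "0.0.0.0/0",    "*.dynamic.example.net", "*", "*"),
    ("allow", "192.0.2.0/24", "*", "*@example.org", "*"),        # our own clients
    ("allow", "0.0.0.0/0",    "*", "*", "alice@example.org"),    # recipient whitelist
    ("allow", "0.0.0.0/0",    "*", "*", "postmaster@example.org"),
    ("deny",  "0.0.0.0/0",    "*", "*", "*"),                    # block the rest
]
MAX_REJECTED_RCPT = 3  # assumed limit on bad recipients per connection


def allowed(client_ip, rdns, mail_from, rcpt_to):
    """Return True if the first rule matching all four fields says allow."""
    ip = ipaddress.ip_address(client_ip)
    fields = (rdns.lower(), mail_from.lower(), rcpt_to.lower())
    for action, net, *patterns in RULES:
        if ip in ipaddress.ip_network(net) and all(
                fnmatchcase(f, p) for f, p in zip(fields, patterns)):
            return action == "allow"
    return False  # no rule matched: fail closed


class Session:
    """One SMTP connection; every decision is made at RCPT TO, before DATA."""

    def __init__(self, client_ip, rdns):
        self.client_ip, self.rdns = client_ip, rdns
        self.mail_from, self.accepted, self.rejected = "", [], 0

    def mail(self, address):
        self.mail_from = address
        return "250 2.1.0 Sender OK"

    def rcpt(self, address):
        if self.rejected >= MAX_REJECTED_RCPT:  # looks like address guessing
            return "421 4.7.0 Too many invalid recipients"
        if allowed(self.client_ip, self.rdns, self.mail_from, address):
            self.accepted.append(address)
            return "250 2.1.5 Recipient OK"
        self.rejected += 1
        return "550 5.1.1 No such user"

    def data(self):
        return "354 Go ahead" if self.accepted else "554 5.5.1 No valid recipients"
```

Once a connection has used up its rejection budget, every further RCPT TO gets a 421, so a client that guesses addresses cannot keep probing on the same connection.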


