Re: Discovering users by RCPT TO

From: dmz (dmz_at_dmzs.com)
Date: 01/14/05

    Date: Fri, 14 Jan 2005 08:57:12 -0800
    
    


    I see spammers hitting my MTA daily with dictionary RCPT TO queries
    and there isn't much you can really do against it; however, I have been
    thinking about a solution using real time blockers.

    The idea is to monitor the logfile of the MTA, looking for a host
    getting more than "X" failed destination addresses (I think 2 or 3 is
    a nice entry threshold). Then when they reach the threshold their IP
    gets put into a local DNS server that is used by the MTA as a real
    time blocker.

    This wouldn't require more than another RBL addition to the MTA and
    then an external script tied to either bind or djbdns.

    Thoughts?
    dmz

    Vince Hoang wrote:

    |On Thu, Jan 13, 2005 at 02:20:12PM -0500, Chris Buechler wrote:
    |
    |>I'd recommend disabling it unless you get flooded by such spam
    |>attacks. I would probably consider it unnecessary information
    |>disclosure, depending on the environment and reason (if any)
    |>for doing it that way.
    |
    |
    |Some MTAs allow you to drop the session after a certain
    |number of failures, but that only slows down the dictionary
    |attacks.
    |
    |You cannot disable RCPT TO because that is how the SMTP protocol
    |designates the recipients.
    |
    |-Vince
    |
    |
    |
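The log-monitoring idea in the message above, sketched as an added example that is not part of the original post. Assumptions: the MTA logs Postfix-style "User unknown" rejections (the post names no MTA), the blocklist is served as BIND-style DNSBL records, and the allow list, names and sample log lines are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Assumed log format: Postfix "User unknown" rejections (the post names no MTA).
REJECT = re.compile(
    r"reject: RCPT from \S*\[(?P<ip>[0-9.]+)\]: 550 [^<]*<(?P<rcpt>[^>]+)>: "
    r"Recipient address rejected: User unknown"
)

def offenders(log_lines, threshold=3, allow=()):
    """Return client IPs that reached `threshold` distinct unknown recipients."""
    allowed = [ipaddress.ip_network(n) for n in allow]
    failed = defaultdict(set)
    for line in log_lines:
        m = REJECT.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # malformed address in the log line
        if any(ip in net for net in allowed):
            continue  # never list our own relays or backup MX
        # Distinct addresses, so one mistyped recipient retried many
        # times does not get a legitimate sender listed.
        failed[ip].add(m["rcpt"].lower())
    return sorted(ip for ip, rcpts in failed.items() if len(rcpts) >= threshold)

def dnsbl_records(ips, ttl=3600):
    """DNSBL convention: reversed octets under the zone, answering 127.0.0.2."""
    return [f"{'.'.join(reversed(str(ip).split('.')))} {ttl} IN A 127.0.0.2"
            for ip in ips]

def _line(ip, rcpt):  # builds one constructed sample log line
    return (f"Jan 14 08:50:01 mx postfix/smtpd[1234]: NOQUEUE: reject: RCPT "
            f"from unknown[{ip}]: 550 5.1.1 <{rcpt}>: Recipient address "
            f"rejected: User unknown in local recipient table")

SAMPLE_LOG = (  # constructed data, documentation address ranges only
    [_line("203.0.113.7", f"{u}@example.org") for u in ("adam", "bob", "carol", "adam")]
    + [_line("198.51.100.20", "typo@example.org")] * 2
    + [_line("192.0.2.25", f"{u}@example.org") for u in ("x", "y", "z")]
    + ["Jan 14 08:50:02 mx postfix/smtpd[1234]: connect from unknown[203.0.113.7]"]
)

if __name__ == "__main__":
    listed = offenders(SAMPLE_LOG, threshold=3, allow=["192.0.2.0/24"])
    print("\n".join(dnsbl_records(listed)))
```

The records are relative to whatever zone the MTA is configured to query as its RBL; entries need an expiry policy (here only a TTL), since addresses get reassigned.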

