What is the best way to protect against dictionary attacks in Postfix?
Exim has a rcpt_fail_count variable I use to drop connections with the
attacker:
drop condition = ${if > {${eval:$rcpt_fail_count}}{3}{yes}{no}}
log_message = Dictionary Attack Rejected (Began blocking after
$rcpt_fail_count recipients failed). Ratelimit incremented.
ratelimit = 0 / 2h / strict / per_conn
message = Number of failed recipients exceeded. Come back
in a few hours.
I am switching from Exim to Postfix and looking for a mechanism to block
these attacks.
--
John Schmerold
Katy Computer Systems, Inc
https://katycomputer.com
St Louis
