Daniel A. de Araujo wrote:
> Hi Guys,
>
>
> We are receiving a lot of faked emails from outside using our own
> domain, using Dictionary Attacks from the same source IP.
> Does anybody know a way (or a trap) to detect and block it?
Several options to deal with it, with varying degrees of efficacy and
effort involved.
1) If it's just one source, just block the source IP with a
/etc/mail/access entry or a firewall entry.
2) if you use sendmail as an MTA, turn on the BAD_RCPT_THROTTLE option
in /etc/mail/sendmail.mc:
#after 5 invalid recipients, start slowing them down with 1
second sleeps
define(`confBAD_RCPT_THROTTLE',5)
(and follow up by rebuilding sendmail.cf with m4, then restart
sendmail.)
3) do something like rumplekill
http://bignosebird.com/notebook/rumplekill.shtml
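As an added example (not part of this thread, and not sendmail's own tooling), the script below shows the detection side of option 1): it scans mail log lines for "User unknown" rejections, counts them per connecting IP, flags any source that exceeds the same threshold of 5 that confBAD_RCPT_THROTTLE uses, and prints ready-made /etc/mail/access entries for the flagged sources. The log lines are constructed, and their layout (relay=[IP] followed by the 550 rejection) is a simplification of what sendmail writes to maillog, so the regex is an assumption to adjust for your own log format.

```python
"""Flag source IPs that probe an MTA for non-existent recipients.

Added example for this thread; not sendmail's code. The log lines are
constructed and the regex assumes a simplified maillog layout.
"""
import re
from collections import Counter

# Constructed sample: 192.0.2.10 walks through a list of guessed
# mailbox names; 198.51.100.7 is a normal sender with one typo.
SAMPLE_LOG_LINES = [
    "Mar  3 10:22:01 mx sendmail[4101]: 523AM1aa004101: ruleset=check_rcpt, arg1=<aaron@example.com>, relay=[192.0.2.10], reject=550 5.1.1 <aaron@example.com>... User unknown",
    "Mar  3 10:22:01 mx sendmail[4101]: 523AM1aa004101: ruleset=check_rcpt, arg1=<abbey@example.com>, relay=[192.0.2.10], reject=550 5.1.1 <abbey@example.com>... User unknown",
    "Mar  3 10:22:02 mx sendmail[4101]: 523AM1aa004101: ruleset=check_rcpt, arg1=<abel@example.com>, relay=[192.0.2.10], reject=550 5.1.1 <abel@example.com>... User unknown",
    "Mar  3 10:22:02 mx sendmail[4101]: 523AM1aa004101: ruleset=check_rcpt, arg1=<abigail@example.com>, relay=[192.0.2.10], reject=550 5.1.1 <abigail@example.com>... User unknown",
    "Mar  3 10:22:03 mx sendmail[4101]: 523AM1aa004101: ruleset=check_rcpt, arg1=<adam@example.com>, relay=[192.0.2.10], reject=550 5.1.1 <adam@example.com>... User unknown",
    "Mar  3 10:22:03 mx sendmail[4101]: 523AM1aa004101: ruleset=check_rcpt, arg1=<adele@example.com>, relay=[192.0.2.10], reject=550 5.1.1 <adele@example.com>... User unknown",
    "Mar  3 10:23:40 mx sendmail[4188]: 523ANeaa004188: ruleset=check_rcpt, arg1=<jon@example.com>, relay=mail.example.net [198.51.100.7], reject=550 5.1.1 <jon@example.com>... User unknown",
    "Mar  3 10:23:41 mx sendmail[4188]: 523ANeaa004188: from=<jane@example.net>, size=812, class=0, nrcpts=1, relay=mail.example.net [198.51.100.7]",
]
SAMPLE_LOG = "\n".join(SAMPLE_LOG_LINES) + "\n"

# Assumed layout: "relay=" optionally followed by a hostname, then the
# bracketed IPv4 address, with the "User unknown" rejection later on
# the same line. Lines without a rejection are ignored.
REJECT_RE = re.compile(
    r"relay=(?:\S+\s)?\[(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\].*User unknown"
)


def count_unknown_rcpts(log_text):
    """Return a Counter of 'User unknown' rejections per connecting IP."""
    counts = Counter()
    for line in log_text.splitlines():
        m = REJECT_RE.search(line)
        if m:
            counts[m.group("ip")] += 1
    return counts


def offenders(counts, threshold=5):
    """IPs whose rejection count exceeds the threshold, busiest first.

    The default of 5 mirrors the confBAD_RCPT_THROTTLE value from the
    thread: a handful of typos is normal, dozens in a row is a probe.
    """
    hits = [(ip, n) for ip, n in counts.items() if n > threshold]
    return sorted(hits, key=lambda item: (-item[1], item[0]))


def access_map_entries(ips):
    """Build /etc/mail/access lines that refuse connections from ips.

    The 'Connect:' tag is real sendmail access-map syntax (it needs
    FEATURE(`access_db') in sendmail.mc); run makemap after editing.
    """
    return ["Connect:%s\tREJECT" % ip for ip in ips]


if __name__ == "__main__":
    counts = count_unknown_rcpts(SAMPLE_LOG)
    bad = offenders(counts)
    for ip, n in bad:
        print("%s rejected %d unknown recipients" % (ip, n))
    print("\n".join(access_map_entries(ip for ip, _ in bad)))
```

Run it against a real maillog with `count_unknown_rcpts(open("/var/log/maillog").read())` after adapting REJECT_RE; the access-map lines it prints still need a `makemap hash /etc/mail/access < /etc/mail/access` before sendmail will see them, and a time window (say, per hour) keeps a long-lived log from flagging a sender for old typos.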