Thanks Matt. The 2nd option looks fine, but we use Postfix. Do you (or somebody) know how to implement this option in Postfix?
txs Daniel.

-----Original Message-----
From: Matt Kettler [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 23, 2005 17:24
To: Daniel A. de Araujo
Cc: [email protected]
Subject: Re: Dictionary Attack

Daniel A. de Araujo wrote:
> Hi Guys,
>
>
> We are receiving a lot of faked emails from outside using our own
> domain using Dictionary Attacks from the same source IP.
> Does anybody know a way (or a trap) to detect and block it ?

Several options to deal with it, with varying degrees of efficacy and effort involved.

1) If it's just one source, just block the source IP with a /etc/mail/access entry or a firewall entry.

2) if you use sendmail as a MTA, turn on the BAD_RCPT_THROTTLE option

/etc/mail/sendmail.mc:
#after 5 invalid recipients, start slowing them down with 1 second sleeps
define(`confBAD_RCPT_THROTTLE',5)

(and follow up by rebuilding sendmail.cf with m4, then restart sendmail.)

3) do something like rumplekill
http://bignosebird.com/notebook/rumplekill.shtml
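Added example, not part of the original thread or written by its participants: a log check for the "detect and block" question that counts distinct unknown-recipient rejections per source IP and emits `address REJECT` access-table entries for sources at or above five, the same count used for the throttle above. The log lines are constructed samples in Postfix smtpd format; the function names and the exact rejection wording matched by the regex are assumptions about the local setup.

```python
import re
from collections import defaultdict

THRESHOLD = 5  # same count as the BAD_RCPT_THROTTLE value quoted in the thread

# Assumed Postfix smtpd wording for a rejected unknown local recipient.
REJECT_RE = re.compile(
    r"reject: RCPT from \S*\[([0-9A-Fa-f.:]+)\]: 550 5\.1\.1 <([^>]*)>: "
    r"Recipient address rejected: User unknown"
)

# Constructed sample log lines (documentation addresses, not real traffic).
_REJECT = (
    "Mar 23 17:0{n}:00 mx postfix/smtpd[2101]: NOQUEUE: reject: RCPT from "
    "unknown[{ip}]: 550 5.1.1 <{user}@example.com>: Recipient address rejected: "
    "User unknown in local recipient table; from=<info@example.com> "
    "to=<{user}@example.com> proto=SMTP helo=<pc>"
)
SAMPLE_LOG = [
    _REJECT.format(n=i, ip="192.0.2.10", user=u)
    for i, u in enumerate(["adam", "alice", "bob", "carol", "dave", "eve"])
]
SAMPLE_LOG.append(_REJECT.format(n=7, ip="198.51.100.7", user="jonh"))  # one typo
SAMPLE_LOG.append(
    "Mar 23 17:08:00 mx postfix/smtpd[2101]: connect from mx.example.net[203.0.113.5]"
)


def bad_rcpts_by_ip(lines):
    """Map each client IP to the set of distinct unknown recipients it tried."""
    seen = defaultdict(set)
    for line in lines:
        m = REJECT_RE.search(line)
        if m:
            seen[m.group(1)].add(m.group(2).lower())
    return seen


def access_entries(lines, threshold=THRESHOLD):
    """Return 'IP<TAB>REJECT' lines for IPs at or above the threshold."""
    hits = bad_rcpts_by_ip(lines)
    return [f"{ip}\tREJECT" for ip, rcpts in sorted(hits.items())
            if len(rcpts) >= threshold]


if __name__ == "__main__":
    for entry in access_entries(SAMPLE_LOG):
        print(entry)
```

Counting distinct recipients rather than raw rejections keeps a legitimate sender who retries one mistyped address below the threshold.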
