I have one particular domain on my mail server that gets a LOT of brute force address harvesting attempts. Over time, I noticed that most of the usernames are repeated over time, usually within a few days.

I've come up with what I think is a decent defense against it, so I thought I would share, and would like some input if there may be a better way, or any improvements to be made. Here's what I've done:

Take a complete 7 day maillog file, and use grep to extract all the lines containing 'invalid address rejected:'. Using Excel I made columns separated at the : and the @, which gives me one column with only the user names of the offending addresses. You could use the uniq command to filter out duplicate entries, although I haven't for this initial test. I dumped all this to a text file called invalid.txt in my assp directory. I then changed the Penalty Trap Address (spamtrapaddresses) value to file:invalid.txt

Perhaps something similar could be incorporated into future releases? Log all invalid addresses, and after a certain number of attempts over a specified amount of time, have ASSP automatically add these addresses to the spam trap list.

Thanks
-Don
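The extraction step described in the message, written as a shell function, together with the threshold Don proposes (a name qualifies only after a minimum number of rejections). This is an added example, not part of the original message and not ASSP code; the log layout beyond the phrase `invalid address rejected:`, the function names and the keep-list file are assumptions.

```shell
#!/bin/sh
# Added example, not ASSP code. Only the phrase "invalid address rejected:"
# comes from the post; the rest of the log line layout is an assumption.

# trap_candidates LOG DOMAIN MIN_HITS [KEEP_FILE]
# Prints, sorted, the lowercase local parts rejected at least MIN_HITS times
# for DOMAIN, skipping any name listed one per line in KEEP_FILE (hypothetical
# list of real or reserved mailboxes that must never become trap addresses).
trap_candidates() {
    log=$1 domain=$2 min=${3:-1} keep=${4:-}
    grep -i 'invalid address rejected:' "$log" |
        tr 'A-Z' 'a-z' |
        sed -n 's/.*invalid address rejected:[[:space:]]*<*\([^@<>[:space:]]*\)@\([^>[:space:]]*\).*/\1 \2/p' |
        awk -v d="$domain" -v min="$min" '
            NF == 2 && $2 == d { hits[$1]++ }
            END { for (u in hits) if (hits[u] >= min) print u }' |
        if [ -n "$keep" ] && [ -s "$keep" ]; then grep -vxFf "$keep"; else cat; fi |
        sort
}

# Constructed sample lines (documentation addresses, made-up layout).
sample_log() {
    cat <<'EOF'
Jan-20-08 10:15:01 192.0.2.10 <a@sender.example> invalid address rejected: sales@example.com
Jan-20-08 10:15:02 192.0.2.10 <a@sender.example> invalid address rejected: Sales@Example.com
Jan-21-08 03:40:11 192.0.2.77 <b@sender.example> invalid address rejected: <webmaster@example.com>
Jan-21-08 03:40:12 192.0.2.77 <b@sender.example> invalid address rejected: john@example.com
Jan-22-08 08:00:00 192.0.2.10 <a@sender.example> invalid address rejected: john@example.com
Jan-22-08 08:00:05 192.0.2.10 <a@sender.example> invalid address rejected: sales@other.example
Jan-22-08 08:01:00 192.0.2.31 <c@sender.example> message ok: don@example.com
Jan-23-08 09:00:00 192.0.2.31 <c@sender.example> invalid address rejected: postmaster@example.com
Jan-23-08 09:00:09 192.0.2.31 <c@sender.example> invalid address rejected: postmaster@example.com
EOF
}
```

Redirecting the output of `trap_candidates` to invalid.txt produces the kind of file the message points spamtrapaddresses at. The keep list guards against trapping a name that is, or later becomes, a real mailbox.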
