Donald Brooks wrote: > I have one particular domain on my mail server that gets a LOT of brute > force address harvesting attmepts. Over time, I noticed that most of the > usernames are repeated over time, usually withing a few days. > > I've come up with what I think is a decent defense against it, so I > thought I would share, and would like some input if there may be a > better way, or any improvements to be made. Here's what I've done: > > Take a complete 7 day maillog file, and use grep to extract all the > lines containing 'invalid address rejected:" > > Using Excel I made colums separated at the : and the @ which gives me > one column with only the user names of the offending addresses. > > You could use the uniq command, to filter out duplicate entries, > although I haven't for this initial test. > > I dumped all this to a text file called invalid.txt in my assp > directory. > > I then changed the Penalty Trap Address (spamtrapaddresses) value to > file:invalid.txt
I wrote that automates that some time ago. http://scripts.asspsmtp.org/invalidAddresses2PenaltyTrap.zip Just change the paths and set the minCount to what you want and you should be good to go. > Perhaps something similar could be incorporated into future releases? Probably not. Kevin ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ Assp-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/assp-user
