[EMAIL PROTECTED] wrote:
Is there any way to set courier to automagically blacklist an IP that has tried to contact multiple IDs to see if they are valid after a few attempts? I'm trying to save cycles from dealing with these attacks.

Stolen from a similar discussion at spamassassin list:
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Have a look @ this: http://www.linuxmailmanager.com/tantalus.html

Quote from site:
"In a nutshell, this program will only allow X many wrong email addresses to come from a SMTP server during X amount of time. If they hit the limit, they get blocked for X amount of time. (All the X's are configurable by you)"
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<


I didn't know about this, so a buddy of mine wrote a brute-force Perl script which scans my maillog for repeated "user unknown" entries, extracts the IP, and creates an iptables rule to block the address permanently. Lots of downsides to doing it that way. The biggest one is that I collected over 300k addresses attempting dictionary attacks in a week, which crippled my little firewall.

In a pinch, I've found that the Spamhaus XBL-RBL is almost as good. Add:

BLACKLISTS='-block=sbl-xbl.spamhaus.org,BLOCK'

to esmtpd.


_______________________________________________
courier-users mailing list
[EMAIL PROTECTED]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
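The time-limited blocking described in the Tantalus quote, applied to a maillog scan like the Perl script mentioned in the message, so that blocks expire instead of piling up in the firewall. This is an added example, not code from this thread, Tantalus or Courier; the log line shape, thresholds, year and sample lines are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed line shape: syslog timestamp, relay=<ip>, "550 User unknown".
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) .*relay=(?:::ffff:)?(?P<ip>[0-9a-fA-F.:]+),"
    r".*\b550 User unknown", re.IGNORECASE)

# Constructed sample log (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    "Mar  3 10:00:00 mx courieresmtpd: error,relay=::ffff:198.51.100.7,from=<a@example.net>,to=<x1@example.org>: 550 User unknown.",
    "Mar  3 10:00:01 mx courieresmtpd: error,relay=::ffff:192.0.2.10,from=<b@example.net>,to=<bob1@example.org>: 550 User unknown.",
    "Mar  3 10:00:05 mx courieresmtpd: error,relay=::ffff:192.0.2.10,from=<b@example.net>,to=<bob2@example.org>: 550 User unknown.",
    "Mar  3 10:00:07 mx courierd: newmsg,id=0001,from=<c@example.net>",
    "Mar  3 10:00:09 mx courieresmtpd: error,relay=::ffff:192.0.2.10,from=<b@example.net>,to=<bob3@example.org>: 550 User unknown.",
    "Mar  3 10:20:00 mx courieresmtpd: error,relay=::ffff:198.51.100.7,from=<a@example.net>,to=<x2@example.org>: 550 User unknown.",
    "Mar  3 10:40:00 mx courieresmtpd: error,relay=::ffff:198.51.100.7,from=<a@example.net>,to=<x3@example.org>: 550 User unknown.",
]

def compute_blocks(lines, max_unknown=3, window=timedelta(minutes=10),
                   block_for=timedelta(hours=1), year=2004):
    """Return {ip: block expiry} for relays exceeding max_unknown within window."""
    recent = defaultdict(deque)  # ip -> times of recent unknown-user rejections
    blocks = {}
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # not an unknown-recipient rejection
        # Syslog timestamps carry no year; the year is supplied (assumption).
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(when)
        while when - q[0] > window:  # drop hits that fell out of the window
            q.popleft()
        if len(q) >= max_unknown:
            blocks[m["ip"]] = when + block_for  # temporary, not permanent
            q.clear()
    return blocks

def active_blocks(blocks, now):
    """Prune expired entries so the block list stays bounded."""
    return {ip: exp for ip, exp in blocks.items() if exp > now}

if __name__ == "__main__":
    for ip, exp in compute_blocks(SAMPLE_LOG).items():
        print(f"block {ip} until {exp}")
```

Only the entries returned by `active_blocks` need a firewall rule at any moment; expired ones can be removed.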
