Omar K. wrote: > It appears that some server is abusing my Sender Address Verification. > > They are sending thousands of emails that appear to be from:hotmail to > non-existent email accounts on my server. My IMGATE then goes to check if > that email does in fact exist in hotmail causing a dictionary/harvest > attack on hotmail. > > For now, I have blacklisted the IP address. But how do I prevent this from > happening again as im sure the abusive IP address will change?
Your SAV checks need to be near the bottom, if not last, in your checks. You definitely need to do recipient validation before these checks. SAV's should only occur when it's to a valid recipient. Check out http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt and search for "freemail". This is very effective for me. john
