[EMAIL PROTECTED] wrote on 04/21/2004 09:51:20 AM:

> Since I am assuming by LDAP, you really mean MS LDAP or AD for Microsoft
> Exchange, I *really* recommend the LDAP to Access table solution.

Actually, they are mostly Lotus Domino servers, but we are filtering for one Exchange server already. They are all in separate internet domains.

> A) it's the most basic level to reject the connection with sendmail before
> throwing the email to a 20MB+ program

That's why I was interested in building a single aggregate LDAP and pointing sendmail at it.

> C) all the research and reading we have done tells us that an NT/2K/2K3
> server will NOT withstand a dictionary attack that causes LDAP lookups
> galore. The concept of "lightweight" behooves Microsoft programmers ;-) In
> fact, the threshold was ridiculously low like 3 queries per second tying up
> a 450Mhz PII server. Granted you might have a better server but still,
> that's ridiculous scalability.

Somehow I am not surprised. You mean "lightweight" doesn't mean "collapse under slight load"? <g>

> In closing, a second solution I might suggest is the idea I had for the
> check against SMTP server in MD. In short, build a DB tie that caches
> correct and incorrect answers on the fly and expires them periodically.
> Unfortunately, because of dictionary attacks, this could lead to a
> *potential* DoS if you get 4 billion incorrect requests on a server with 15
> correct answers.

Sure, if I was more of a programmer!! I used to be, but have been on the system admin (especially mail servers of late) side of things for quite a while and the programming skills are pretty rusty! I'm still learning the basics of perl. This sounds like it would be a bit of a project.

> I can also recommend, for those that haven't figured this out yet, do NOT
> use first name emails (i.e. [EMAIL PROTECTED]). Use multi-name,
> firstname.lastname, firstinitial.lastname, etc. etc. We are DEFINITELY
> seeing ratware that is taking SPAM lists and DOMAIN lists and lists of names
> and combining it all into super dictionary attacks. Think about entire days
> filled with nothing but email addresses starting with
> [EMAIL PROTECTED]

For the most part, it's FirstinitialLastname without a separator. Makes it easy to send someone email, but also easy for the spammers. I'm convinced that sender authentication like SPF is the way to go. I was reading the spooge from Microsoft about Domain keys, and he wants to violate RFCs by using underscores in DNS records. Not to mention the complexity of XML in DNS records. What's wrong with plain text in the right format? (OK, getting off the soapbox now)

> <SCARY THOUGHT FOR DAY>

What's really scary is I had the same thought about a GAIN type network of spam zombies yesterday! Were you eavesdropping on my thoughts in the shower? <VBG>

> <HAPPY THOUGHT FOR DAY>
> If the above happened, the "legitimate" spyware programs would all look
> REALLY bad and be lambasted by the media, FTC, consumer groups, consumers,
> gophers, etc.
> </HAPPY THOUGHT FOR DAY>

Why can't spyware be prosecuted under current hacking laws (at least in the US) as an illegal use of computer resources - CPU cycles if nothing else? For that matter, do the same with virus writers.

_______________________________________________
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
[EMAIL PROTECTED]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
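The cached recipient-validity check and its dictionary-attack failure mode discussed in the quoted message, as an added illustration (not MIMEDefang's or the list's code): the directory query is an assumed callable, the 15-user directory and the guessed addresses are constructed, and the negative table is bounded so bogus guesses cannot push out the real users.

```python
import time
from collections import OrderedDict

class RecipientCache:
    """Recipient-validity cache: positive and negative answers kept in separate,
    expiring tables; the negative table is bounded so bogus guesses cannot evict real users."""

    def __init__(self, lookup, pos_ttl=3600, neg_ttl=300, neg_max=10000, clock=time.time):
        self.lookup = lookup           # assumed: callable(addr) -> bool, the real directory query
        self.pos_ttl, self.neg_ttl, self.neg_max = pos_ttl, neg_ttl, neg_max
        self.clock = clock             # injectable so expiry can be tested
        self.positive = {}             # addr -> expiry time
        self.negative = OrderedDict()  # addr -> expiry time, oldest first
        self.lookups = 0               # backend queries actually issued

    def _cached(self, table, addr, now):
        exp = table.get(addr)
        if exp is not None and exp > now:
            return True
        table.pop(addr, None)          # drop expired entry, if any
        return False

    def is_valid(self, addr):
        now, addr = self.clock(), addr.lower()
        if self._cached(self.positive, addr, now):
            return True
        if self._cached(self.negative, addr, now):
            return False
        self.lookups += 1
        ok = bool(self.lookup(addr))
        if ok:
            self.positive[addr] = now + self.pos_ttl
        else:
            if len(self.negative) >= self.neg_max:
                self.negative.popitem(last=False)  # evict the oldest bogus address
            self.negative[addr] = now + self.neg_ttl
        return ok

def simulate_dictionary_attack():
    """Constructed scenario: 15 real users, 5000 guessed addresses, neg_max=100."""
    valid = {"user%d@example.org" % i for i in range(15)}
    cache = RecipientCache(lambda a: a in valid, neg_max=100)
    for a in valid:
        cache.is_valid(a)                        # warm the positive table
    for i in range(5000):
        cache.is_valid("guess%d@example.org" % i)
    before = cache.lookups
    still_cached = all(cache.is_valid(a) for a in valid) and cache.lookups == before
    return {"negative": len(cache.negative), "positive": len(cache.positive),
            "valid_still_cached": still_cached, "backend_queries": before}
```

Bounding the negative table protects memory and the cached real users, but every previously unseen guess still reaches the backend once, so the lookup rate itself still has to be limited at the SMTP layer.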

