Hello list,

I need some advice on how to proceed. My organization has been getting crushed by dictionary (or Rumpelstiltskin, if you will) attacks. Up until about two weeks ago, the situation was manageable. But now, the volume of traffic is growing out of control. The attacks are beginning to slow down not only our mail server, but the company's T-1, as well. I just recently started using a DNSRBL to help filter traffic, but I'm not sure that it is really helping. I guess what I really need to know is:

1. When does the DNSRBL checking happen?

I've integrated the checks into Sendmail, not MD or SA.

2. Do the DNSRBL checks happen before, or do they prevent, Sendmail from checking to see whether the recipient addresses are real or not?

The reason I ask is that I believe a large part of what is slowing us down is all the "User unknown" replies generated by the dictionary attacks. Turning off the replies is not an option, unfortunately. Also, if a spammer sends a piece of mail with 50 people CC'd, and the DNSRBL decides that sender is a spammer, does the rejection error get sent to the sender once, or once for each person he CC'd?

I've also tried using the throttling technique in Sendmail to slow these attacks, but it doesn't really seem to have helped. Is there anything I'm missing? Are there any options available in MD to help put a stop to the attacks?

Thanks for any help,
Brian
_______________________________________________
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
[EMAIL PROTECTED]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
