Jan Pieter Cornet wrote:

> It's tricky. I haven't done this yet but I'm sort of planning to. One
> possibility is to make sure all valid addresses are in virtusertable,
> and all invalid addresses map to some magic token that sendmail believes
> is valid, but really isn't. You could catch the magic token in
> mimedefang and always return a "user unknown" error, and at the
> same time mark that this happened on this connection...

Unfortunately, MIMEDefang only sees exactly what was in the
RCPT TO: command.  It doesn't know the results of virtusertable
changes.

(Though it occurs to me that it can see the mailer, so if you
map invalid addresses to something magical in virtusertable, and
have that magical thing select the "error" mailer, then MIMEDefang
might see it... have to test.)

> An easier solution might be to have a process tail(1) your logfile and
> take action on the information there. I think I've even seen something
> like that: more than x invalid recipients, and you're firewalled away.

That's much easier.  I have a script I run for a similar purpose:  It
firewalls off anyone who attempts to log in via SSH with an invalid
password.  There are lots of SSH brute-forcers around.

Regards,

David.
_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID.  You may ignore it.

Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list [email protected]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
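
The log-watching approach discussed in this thread, as an added example (not code from either poster or from MIMEDefang): it counts "User unknown" rejections per connecting relay and reports the relays that exceed a threshold. The log line layout, the function and variable names, and the threshold are assumptions; the sample lines are constructed and trimmed, modelled on sendmail's syslog output, where the rejection line carries only the queue ID and the relay address appears on the later `from=` line for the same queue ID.

```python
import re
from collections import Counter

# Constructed sample log (assumed sendmail-style layout, fields trimmed).
SAMPLE_LOG = """\
Jan 12 10:00:01 mail sendmail[2101]: k0CA01ab002101: <aaa@example.com>... User unknown
Jan 12 10:00:01 mail sendmail[2101]: k0CA01ab002101: <bob@example.com>... User unknown
Jan 12 10:00:02 mail sendmail[2107]: k0CA02cd002107: <jonh@example.com>... User unknown
Jan 12 10:00:02 mail sendmail[2101]: k0CA01ab002101: <carl@example.com>... User unknown
Jan 12 10:00:03 mail sendmail[2101]: k0CA01ab002101: <dave@example.com>... User unknown
Jan 12 10:00:04 mail sendmail[2101]: k0CA01ab002101: from=<x@a.example>, size=0, nrcpts=0, relay=h.a.example [192.0.2.10]
Jan 12 10:00:05 mail sendmail[2107]: k0CA02cd002107: from=<y@b.example>, size=812, nrcpts=1, relay=[198.51.100.7]
Jan 12 10:00:06 mail sendmail[2110]: k0CA06ef002110: from=<z@c.example>, size=640, nrcpts=1, relay=[203.0.113.5]
Jan 12 10:00:09 mail sendmail[2115]: k0CA09gh002115: <eve@example.com>... User unknown
Jan 12 10:00:10 mail sendmail[2115]: k0CA09gh002115: from=<x@a.example>, size=0, nrcpts=0, relay=h.a.example [192.0.2.10]
"""

# Rejected recipient: only the queue ID identifies the connection.
UNKNOWN_RE = re.compile(r"sendmail\[\d+\]: (\w+): <[^>]*>\.\.\. User unknown")
# Envelope summary: ties the queue ID to the relay's bracketed IP address.
RELAY_RE = re.compile(
    r"sendmail\[\d+\]: (\w+): from=.*\brelay=.*\[(?:IPv6:)?([0-9a-fA-F.:]+)\]")


def offenders(lines, threshold=3):
    """Return {ip: count} for relays with more than `threshold` unknown recipients."""
    pending = Counter()  # queue ID -> rejections seen, relay not yet known
    per_ip = Counter()   # relay IP -> total rejections across its connections
    for line in lines:
        m = UNKNOWN_RE.search(line)
        if m:
            pending[m.group(1)] += 1
            continue
        m = RELAY_RE.search(line)
        if m:
            qid, ip = m.groups()
            per_ip[ip] += pending.pop(qid, 0)  # attribute the rejections to the relay
    return {ip: n for ip, n in per_ip.items() if n > threshold}


if __name__ == "__main__":
    # A single mistyped recipient (198.51.100.7) stays below the threshold.
    for ip, count in sorted(offenders(SAMPLE_LOG.splitlines()).items()):
        print(f"{ip}: {count} unknown recipients, candidate for a firewall rule")
```

`offenders()` accepts any iterable of lines, so the same function can be fed from a process that follows the live log instead of the embedded sample.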