> From: Jan Pieter Cornet <[EMAIL PROTECTED]>
> Subject: Re: [Mimedefang] dictionary attacks looking for a valid user
>
> An easier solution might be to have a process tail(1) your logfile and
> take action on the information there. I think I've even seen something
> like that: more than x invalid recipients, and you're firewalled away.
>
I have to cringe at the "tail your logfile and take action" part. Sendmail and Mimedefang place data supplied by the calling server into the syslog file, and I could just see someone doing something like:

1. Tail maillog
2. grep "user unknown"
3. sed relay server
4. insert into database "relay server" (which just happens to be spoofed to include a "; drop database mysql" encoded in some obscure form)

Ok, so this isn't a precise hack, but you get my point. I'd be really careful playing with a technique such as this... Lots of error checking ;)
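The four-step pipeline described above, with the error checking filled in, as an added example that is not part of the original post. The log lines are constructed and simplified, `extract_offender_ip` and `record_offenders` are hypothetical names, and an in-memory SQLite table stands in for whatever database the pipeline would feed.

```python
import ipaddress
import re
import sqlite3

# Constructed, simplified sendmail-style lines (not real log data).
SAMPLE_LOG = [
    "Jan 12 10:00:01 mx sendmail[411]: ruleset=check_rcpt, arg1=<a@example.org>, "
    "relay=mail.example.net [192.0.2.10], reject=550 5.1.1 <a@example.org>... User unknown",
    # Relay name (from reverse DNS) carrying SQL text.
    "Jan 12 10:00:02 mx sendmail[412]: ruleset=check_rcpt, arg1=<b@example.org>, "
    "relay=x'); DROP TABLE offenders;-- [198.51.100.7], reject=550 5.1.1 <b@example.org>... User unknown",
    # Bracketed value that is not a valid address.
    "Jan 12 10:00:03 mx sendmail[413]: ruleset=check_rcpt, arg1=<c@example.org>, "
    "relay=host.example.net [999.1.1.1], reject=550 5.1.1 <c@example.org>... User unknown",
    # Recipient field that tries to supply its own relay= token.
    "Jan 12 10:00:04 mx sendmail[414]: ruleset=check_rcpt, arg1=<relay=x [203.0.113.5]>, "
    "relay=bad.example.net [198.51.100.7], reject=550 5.1.1 <d@example.org>... User unknown",
    "Jan 12 10:00:05 mx sendmail[415]: k0C1: from=<e@example.org>, relay=ok.example.net [192.0.2.10]",
]

# Capture only the bracketed address; the free-text relay name is discarded.
RELAY_IP = re.compile(r"relay=[^\[\]]*\[([0-9A-Fa-f:.]{2,45})\]")

def extract_offender_ip(line):
    """Return the canonical relay IP for a 'User unknown' line, else None."""
    if not line.endswith("User unknown") or line.count("relay=") != 1:
        return None  # not a rejection, or ambiguous: refuse rather than guess
    m = RELAY_IP.search(line)
    if m is None:
        return None
    try:
        return str(ipaddress.ip_address(m.group(1)))  # reject anything non-IP
    except ValueError:
        return None

def record_offenders(lines):
    """Count invalid-recipient hits per relay IP; returns {ip: hits}."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE offenders (ip TEXT PRIMARY KEY, hits INTEGER NOT NULL)")
    for line in lines:
        ip = extract_offender_ip(line)
        if ip is None:
            continue
        # Bound parameters: the value is never spliced into the SQL text.
        db.execute("INSERT OR IGNORE INTO offenders VALUES (?, 0)", (ip,))
        db.execute("UPDATE offenders SET hits = hits + 1 WHERE ip = ?", (ip,))
    return dict(db.execute("SELECT ip, hits FROM offenders"))
```

Only a value that parses as an IP address ever reaches the database or a firewall rule; a line that parses ambiguously is skipped rather than interpreted.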

