Kevin A. McGrail wrote:
> All I can really say is welcome to the world of dictionary attacks.
> This is par for the course for most of us, I think, on the list.

It's not so much a dictionary attack, at least not to me. They're
all coming to recipients that resemble a message ID, as opposed to some
name like some viruses use. Like, the message SENDER is
[EMAIL PROTECTED], or [EMAIL PROTECTED], and try to deliver TO
[EMAIL PROTECTED], which is of course invalid.
I see dictionary attacks as messages that come from one address/one
IP, targeting a random name at our domain. This one is slightly
different. They also come from different IP addresses, so blocking that
sender's IP doesn't have a whole lot of effect because 2 seconds later
it'll be coming from a different one. On the other hand, using
sendmail's access control, I can at least block anything that has
'[EMAIL PROTECTED]' as the sender, regardless of where it's coming from.
Granted, there may actually BE a legitimate user '[EMAIL PROTECTED]'...too
bad I say.
Now, if it falls in the same category (a dictionary attack), that's
a different story. :)
--
H | I haven't lost my mind; it's backed up on tape somewhere.
+--------------------------------------------------------------------
Ashley M. Kirchner <mailto:[EMAIL PROTECTED]> . 303.442.6410 x130
IT Director / SysAdmin / WebSmith . 800.441.3873 x130
Photo Craft Imaging . 3550 Arapahoe Ave. #6
http://www.pcraft.com ..... . . . Boulder, CO 80303, U.S.A.
_______________________________________________
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list [email protected]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
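
Added example (not part of the original message or of MIMEDefang): a Python check over rejected-recipient events that separates the two patterns discussed above, a single-source dictionary run versus one envelope sender arriving from many IP addresses with message-ID-like recipients. The event layout, the `MSGID_LIKE` pattern, the `min_ips` threshold and the sample data are assumptions constructed for illustration; senders it reports are candidates for the sender-based access rule the message describes.

```python
import re
from collections import defaultdict

# Assumption: a "message-ID-like" local part is long and made of digits/hex
# plus separators, e.g. 20040312.4F2A9C01 -- the thread does not give the pattern.
MSGID_LIKE = re.compile(r"^[0-9A-Fa-f.$_-]{12,}$")

def looks_like_message_id(address):
    """True if the recipient's local part resembles a message ID (heuristic)."""
    local = address.split("@", 1)[0]
    return bool(MSGID_LIKE.match(local)) and sum(c.isdigit() for c in local) >= 4

def classify(events, min_ips=3):
    """events: (client_ip, envelope_sender, rejected_recipient) tuples.
    Returns findings for envelope senders seen from >= min_ips distinct IPs."""
    by_sender = defaultdict(lambda: {"ips": set(), "rcpts": []})
    for ip, sender, rcpt in events:
        entry = by_sender[sender.lower()]
        entry["ips"].add(ip)
        entry["rcpts"].append(rcpt)
    findings = {}
    for sender, d in by_sender.items():
        if len(d["ips"]) < min_ips:
            continue  # single-source traffic: blocking the IP still works
        ratio = sum(map(looks_like_message_id, d["rcpts"])) / len(d["rcpts"])
        findings[sender] = {"distinct_ips": len(d["ips"]), "msgid_ratio": ratio}
    return findings

# Constructed sample events (documentation IP ranges, example.* domains).
SAMPLE = [
    ("192.0.2.10", "bounce@example.net", "20040312.4F2A9C01@example.org"),
    ("198.51.100.7", "bounce@example.net", "4A6F9C2210.77123@example.org"),
    ("203.0.113.25", "bounce@example.net", "200403121455.AB12CD@example.org"),
    ("192.0.2.99", "guess@example.com", "alice@example.org"),
    ("192.0.2.99", "guess@example.com", "bob@example.org"),
    ("192.0.2.99", "guess@example.com", "carol@example.org"),
]

if __name__ == "__main__":
    for sender, f in classify(SAMPLE).items():
        print(f"{sender}: {f['distinct_ips']} IPs, "
              f"{f['msgid_ratio']:.0%} message-ID-like recipients")
```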