On Thu, 2006-04-20 at 15:30, David F. Skoll wrote: > > Last, I don't worry about them hitting my machines with 10's or 100's of > > connections per zombie (parallelizing their attempts within a given > > zombie). For non-trusted mail relays, I limit the number of connections > > to 2. > > Right, the parallelization I mentioned is against multiple targets > also. Let's say a spammer needs to send 1,000,000 e-mails to people > in 1,000 domains, and the largest domain contains 5,000 victims. If > *each* domain's MX machine limits the spammer to sending one e-mail > every 10 seconds, he can still send all 1,000,000 e-mails in around 14 > hours, or at an effective rate of 20 messages/second.
I have an old but now-defunct domain name that I only continue to accept so I can get mail to hostmaster. I'm using virtusertable to let sendmail reject everything else. The logs show that it is hit by dictionary attacks fairly often with the interesting part being that the messages are being sent by many different machines at the same time but rate limited somehow so there are never more than a few simultaneous connections. -- Les Mikesell [EMAIL PROTECTED] _______________________________________________ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list [email protected] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
