Feucht, Florian writes:

> > Perhaps he did, but "locked out CONNECTIONS from that IP for 10
> > minutes" reads differently to me. If Tom had meant what you said, then
> > I would have expected something like "locked out authentication attempts
> > from that username/IP pair for 10 minutes."
>
> This idea is great, but doesn't work for me, because all traffic passes
> a proxy firewall (including an esmtp daemon) - so the firewall is the one
> and only entity which makes a connection to the mailserver...

We have many clients behind firewalls. They too would suffer from a simple block on an IP address.

> about the DoS attack: sure, it's possible to knock somebody out of his
> mailbox... but i think this is better than if somebody takes it over...

I think it's a close call. The difference between somebody deleting your mail before you can read it and somebody blocking your access day after day is small. Yes, if they can delete your mail they can also read it, which may be a bigger problem, but being unable to read your mail is bad enough.

As I said before, there are ways to greatly reduce the chances of somebody getting at your mail. Give your mailbox a randomly-generated name and use an alias to deliver to it. Then it doesn't matter how weak your password is because they'll be trying [EMAIL PROTECTED] instead of [EMAIL PROTECTED]. This is something that you can do right now, although it is a pain to administer. Maybe vpopmail and qmailadmin should be extended so that there is an option to create random mailbox names with aliases (to avoid name collisions the random mailbox names would have to start with an underscore or something like that).

> if it happens that somebody starts DDoS this way, i can do the
> following:
> - look at my firewall log
> - find out his (or hers ;) ) IP Address
> - block the IP(-Pool)
> - contact the ISP, if it doesn't stop.

That was a workable solution three or four years ago. These days the script kiddies use distributed DoS attacks using hundreds of computers they've managed to install backdoors on. You could spend every minute of your life blocking IP addresses and still not be able to pick up your mail.

A tarpit is a two-edged sword...

--
Paul Allen
Softflare Support
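
Added example (not part of the original message and not vpopmail code): a small Python model of the two lockout keys discussed in this thread, per IP versus per username/IP pair, with every client arriving through one proxy address. The 10-minute lock is from the thread; the threshold of 5 failures, the user names and the address are assumptions.

```python
from collections import defaultdict

LOCKOUT_SECONDS = 600   # the 10 minutes mentioned in the thread
MAX_FAILURES = 5        # assumed threshold; the thread does not give one


class Lockout:
    """Failed-login lockout keyed on the source IP or on the (username, IP) pair."""

    def __init__(self, key_on_pair):
        self.key_on_pair = key_on_pair
        self.failures = defaultdict(list)   # key -> timestamps of recent failures
        self.locked_until = {}              # key -> time at which the lock expires

    def _key(self, user, ip):
        return (user, ip) if self.key_on_pair else ip

    def is_locked(self, user, ip, now):
        return self.locked_until.get(self._key(user, ip), 0) > now

    def record_failure(self, user, ip, now):
        key = self._key(user, ip)
        # Keep only failures that are still inside the sliding window.
        recent = [t for t in self.failures[key] if now - t < LOCKOUT_SECONDS]
        recent.append(now)
        self.failures[key] = recent
        if len(recent) >= MAX_FAILURES:
            self.locked_until[key] = now + LOCKOUT_SECONDS
            self.failures[key] = []


def simulate(key_on_pair):
    """Constructed scenario: all clients reach the mail server via one proxy IP."""
    proxy_ip = "192.0.2.10"                 # documentation address, constructed
    lock = Lockout(key_on_pair)
    for second in range(MAX_FAILURES):      # repeated bad passwords for "alice"
        lock.record_failure("alice", proxy_ip, now=second)
    now = MAX_FAILURES
    return {
        "alice_locked": lock.is_locked("alice", proxy_ip, now),
        "bob_locked": lock.is_locked("bob", proxy_ip, now),
        "alice_locked_after_expiry": lock.is_locked("alice", proxy_ip, now + LOCKOUT_SECONDS),
    }


if __name__ == "__main__":
    print("per-IP  :", simulate(key_on_pair=False))
    print("per-pair:", simulate(key_on_pair=True))
```

Keying on the pair keeps bob working behind the shared proxy, but alice is still locked out for the full 10 minutes, which is the denial-of-service trade-off the message describes.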