[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vps-mail] Email dictionary attacks - what would you do?

Subject: Re: [vps-mail] Email dictionary attacks - what would you do?
From: Godwin Stewart <gstewart@xxxxxxxxxxx>
Date: Tue, 1 Mar 2005 10:43:10 +0100

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, 1 Mar 2005 01:28:51 +0000, Harrison Hind <hhind@xxxxxxxxxxxxx>
wrote:

> I may be able to be more picky than most because I rely on reselling 
> hosting to supplement my income rather than put bread on the table, 
> but I think that you need to balance the effort required to support
> such a client with the return on that effort.

One thing the OP, Ken, can do is impose a condition whereby this user has
to change the way his e-mail is managed. What I'd do is have him change his
e-mail addresses from user@xxxxxxxxxx to something like
user@xxxxxxxxxxxxxxxx

Next, have the original MX entry in DNS modified this way:

@		IN	MX	10 localhost
localhost	IN	A	127.0.0.1

This will have the effect of directing any and all attempts to mail
anything@xxxxxxxxxx where it can't be delivered. The bogus MX *must* be
there because in the absence of any MX, an MTA (except older versions of M$-
Exchange, trust that to get it wrong...) will fall back on the domain's A
record.

Now set up a new MX record:

mail		IN	MX	10 domain.tld.

(assuming domain.tld resolves to the IP address of your VPS2)

Of course, do this *after* you've had a look at the website to see if
there's any irresponsible behaviour happening there, such as e-mail
addresses in the clear on web pages for example. Once spammers latch onto
one e-mail address, they will try all kinds of combinations of addresses at
the same domain.

Now sit back and see how long it takes for the mess to start again.

- -- 
G. Stewart - gstewart@xxxxxxxxxxx

The most difficult years of marriage are those following the wedding.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (FreeBSD)

iD8DBQFCJDkuK5oiGLo9AcYRAlVBAJ4rry5SzgRa967gCS5PDEpE0g79UwCbBYPu
fjyoDMePihRV5pjyGpC3OFA=
=Wa+6
-----END PGP SIGNATURE-----

======================================================================
This is <vps-mail@xxxxxxxxxxxx>       <http://www.perlcode.org/lists/>
Before posting a question, please search the archives (see above URL).

References:
- RE: [vps-mail] Correcting SA rules
  - From: Jim Smith
- [vps-mail] Email dictionary attacks - what would you do?
  - From: Ken Douglass
- Re: [vps-mail] Email dictionary attacks - what would you do?
  - From: Harrison Hind

Prev by Date: RE: [vps-mail] Email dictionary attacks - what would you do?
Next by Date: [vps-mail] !nouser problems
Previous by thread: Re: [vps-mail] Email dictionary attacks - what would you do?
Next by thread: RE: [vps-mail] Correcting SA rules
Index(es):
- Date
- Thread

Main Index | Thread Index