Re: [vps-mail] Email dictionary attacks - what would you do?
- Subject: Re: [vps-mail] Email dictionary attacks - what would you do?
- From: Scott Wiersdorf <scottw@xxxxxxxxxxxx>
- Date: Mon, 28 Feb 2005 12:01:29 -0700
On Mon, Feb 28, 2005 at 10:36:57AM -0800, Ken Douglass wrote:
> A couple weeks ago, a new client moved one of his domains to my VPS2 and
> suddenly, I have a steady stream of incoming junk mail to non-existent users
> at that domain. It's averaging one every 3 seconds, 24 hours per day. They
> come from new and different IP addresses.
>
> Yesterday's maillog shows 22,977 to this domain
> <http://walnutdesign.com/bw.050227.txt>
>
> In my /etc/mail/virtusertable, I have a catchall:
> @body-wisdom.com error:nouser User unknown at body-wisdom.com

Holy cow--that's some serious dictionary attacking going on. Your
virtusertable entry is your best defense here. I'm astounded at the
numbers of different hosts also. Sounds like a coordinated effort.

I get several hundred a day on some of my domains, but 23k is, er, a
bit much. As long as your server isn't dropping legitimate mail,
you're probably ok. The VPS v2 can handle quite a bit (and you're not
using much bandwidth either because of the catchall).

Putting addresses in the access list is probably a waste of your
personal time; unless you notice an inordinate amount (>1000) of
connections from any particular host, I wouldn't bother with it.

Scott
--
Scott Wiersdorf
scottw@xxxxxxxxxxxx
======================================================================
This is <vps-mail@xxxxxxxxxxxx> <http://www.perlcode.org/lists/>
Before posting a question, please search the archives (see above URL).
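
The >1000-per-host threshold mentioned in the reply can be checked against a maillog by counting "User unknown" rejections per connecting relay. The script below is an added example, not part of the original message or the list's own tooling; the sendmail log layout, the sample lines and the function names are assumptions, and rejected recipients are used as a stand-in for connections.

```python
import re
from collections import Counter

# Constructed sample in the usual sendmail syslog layout (an assumption; the
# page does not show its maillog). Addresses are documentation ranges.
SAMPLE_MAILLOG = """\
Feb 27 00:00:01 vps sendmail[4101]: j1R001aa004101: <alice@example.com>... User unknown at example.com
Feb 27 00:00:01 vps sendmail[4101]: j1R001aa004101: <admin@example.com>... User unknown at example.com
Feb 27 00:00:02 vps sendmail[4101]: j1R001aa004101: from=<a@spam.invalid>, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=[192.0.2.10]
Feb 27 00:00:04 vps sendmail[4102]: j1R004bb004102: <bob@example.com>... User unknown at example.com
Feb 27 00:00:04 vps sendmail[4102]: j1R004bb004102: from=<b@spam.invalid>, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=[192.0.2.10]
Feb 27 00:00:07 vps sendmail[4103]: j1R007cc004103: <carol@example.com>... User unknown at example.com
Feb 27 00:00:07 vps sendmail[4103]: j1R007cc004103: from=<c@spam.invalid>, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=dsl.example.net [198.51.100.7]
Feb 27 00:00:09 vps sendmail[4200]: j1R009dd004200: from=<dan@example.org>, size=812, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=mail.example.org [203.0.113.5]
"""

QID_LINE = re.compile(r"sendmail\[\d+\]: (?P<qid>\w+): (?P<rest>.*)$")
RELAY_IP = re.compile(r"relay=.*?\[(?:IPv6:)?(?P<ip>[0-9a-fA-F.:]+)\]")

def rejected_per_relay(log_text):
    """Count 'User unknown' rejections per relay IP, joined on queue id."""
    unknown = Counter()  # queue id -> rejected recipients in that session
    relay = {}           # queue id -> connecting relay IP
    for line in log_text.splitlines():
        m = QID_LINE.search(line)
        if not m:
            continue
        qid, rest = m["qid"], m["rest"]
        if "User unknown" in rest:
            unknown[qid] += 1
        elif rest.startswith("from="):
            r = RELAY_IP.search(rest)
            if r:
                relay[qid] = r["ip"]
    per_ip = Counter()
    for qid, n in unknown.items():
        # Sessions whose from= line is missing are grouped, not dropped.
        per_ip[relay.get(qid, "unknown-relay")] += n
    return per_ip

def hosts_over(per_ip, threshold=1000):
    """Relay IPs whose rejection count exceeds the threshold."""
    return sorted(ip for ip, n in per_ip.items() if n > threshold)

if __name__ == "__main__":
    counts = rejected_per_relay(SAMPLE_MAILLOG)
    print(counts.most_common(), hosts_over(counts))
```

Against a real log, pass the file contents to `rejected_per_relay()`; an empty `hosts_over()` result means no single host crosses the threshold and the attack is spread across many sources.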