RE: [vps-mail] Email dictionary attacks - what would you do?

["Ken Douglass" <ken-pt@xxxxxxxxxxxxxxxx>]

Scott,
Yes, daily fussing with the access list is wasting my time. 

So would you just wait it out, hoping it will stop by itself?

When watching the logs, how would I know when I'm dropping legitimate mail?

I see a lot of "lost input channel from..."
http://walnutdesign.com/bw.050227.lost_input.txt
I think this means the other side gave up and closed the connection after
getting my error back, without saying QUIT before going away. Does this mean
my server sitting, waiting, and perhaps not available for other traffic?

-Kenny


> Holy cow--that's some serious dictionary attacking going on. Your
> virtusertable entry is your best defense here. I'm astounded at the
> numbers of different hosts also. Sounds like a coordinated effort.
> 
> I get several hundred a day on some of my domains, but 23k is, er, a
> bit much. As long as your server isn't dropping legitimate mail,
> you're probably ok. The VPS v2 can handle quite a bit (and you're not
> using much bandwidth either because of the catchall).
> 
> Putting addresses in the access list is probably a waste of your
> personal time; unless you notice an inordinate amount (>1000) of
> connections from any particular host, I wouldn't bother with it.
> 
> Scott
> -- 
> Scott Wiersdorf
> scottw@xxxxxxxxxxxx
> ======================================================================
> This is <vps-mail@xxxxxxxxxxxx>       <http://www.perlcode.org/lists/>
> Before posting a question, please search the archives (see 
> above URL).

======================================================================
This is <vps-mail@xxxxxxxxxxxx>       <http://www.perlcode.org/lists/>
Before posting a question, please search the archives (see above URL).