
Re: email address probes

From: Brad Arlt <arlt(at)cpsc.ucalgary.ca>
Date: Wed Feb 05 2003 - 17:26:12 EST

On Wed, Feb 05, 2003 at 08:54:19PM +0000, Andy Bastien wrote:
> Where I work, we've getting lots of attempts to send email to random

Rumpelstilzchen is the fancy hax0r name for the problem.

We use Sendmail and Milter to make this less of an issue. We have a milter program that uses the number of correct addresses vs number of incorrect addresses for each connecting IP address. If the ratio exceeds a certain number, all addresses are temporarily unavailable (return 4xx SMTP error code).

The first ten addresses in a connection are treated normally if the IP address hasn't been marked as guessing too much (exceeded the ratio), so 3 bad addresses can't block a server.

Sounds simple, but is shockingly effective.

We currently don't do automatic recovery, but have never had any complaints in the 3+ months that this has been running (postmaster is allowed through always). Shouldn't be too hard to recover automatically though.


   __o		Bradley Arlt			Security Team Lead
 _ \<_		arlt@cpsc.ucalgary.ca		University Of Calgary
(_)/(_) 	I should be biking right now.	Computer Science


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com Received on Thu Feb 6 11:54:39 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:58 EDT
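
The per-IP ratio check described in the message above, sketched as an added example; it is not the poster's milter code. The class and function names, the threshold value, the 451/550 reply codes, and the choice to evaluate the ratio only after a connection's tenth recipient are assumptions, and the traffic is constructed.

```python
from collections import defaultdict

GRACE_PER_CONNECTION = 10  # from the post: first ten RCPTs per connection are handled normally
MAX_BAD_TO_GOOD = 3.0      # assumed threshold; the post gives no number
ACCEPT, UNKNOWN, TEMPFAIL = "250", "550", "451"  # 451 stands in for the post's "4xx"


class RcptGuard:
    """Per-IP recipient-guessing tracker (hypothetical names, decision logic only)."""

    def __init__(self, valid_users):
        self.valid = {u.lower() for u in valid_users}
        self.good = defaultdict(int)   # valid recipients seen per client IP
        self.bad = defaultdict(int)    # unknown recipients seen per client IP
        self.flagged = set()           # no automatic recovery, as in the post

    def connect(self, ip):
        return {"ip": ip, "rcpts": 0}  # per-connection state

    def rcpt(self, conn, address):
        ip, local = conn["ip"], address.split("@", 1)[0].lower()
        if local == "postmaster":      # postmaster is always allowed through
            return ACCEPT
        if ip in self.flagged:         # every address is temporarily unavailable
            return TEMPFAIL
        conn["rcpts"] += 1
        exists = local in self.valid
        (self.good if exists else self.bad)[ip] += 1
        ratio = self.bad[ip] / max(self.good[ip], 1)
        if conn["rcpts"] > GRACE_PER_CONNECTION and ratio > MAX_BAD_TO_GOOD:
            self.flagged.add(ip)       # guessing too much: tempfail from now on
            return TEMPFAIL
        return ACCEPT if exists else UNKNOWN


def simulate():
    """Constructed traffic: one guessing client, one legitimate relay with typos."""
    guard = RcptGuard(["alice", "bob"])
    scan = guard.connect("203.0.113.5")
    scan_codes = [guard.rcpt(scan, f"guess{i}@example.org") for i in range(12)]
    later = guard.connect("203.0.113.5")
    after_flag = [guard.rcpt(later, "alice@example.org"),
                  guard.rcpt(later, "postmaster@example.org")]
    relay = guard.connect("198.51.100.7")
    relay_codes = [guard.rcpt(relay, a + "@example.org")
                   for a in ("typo1", "typo2", "typo3", "bob")]
    return scan_codes, after_flag, relay_codes
```

Once the guessing client is flagged, valid and invalid addresses get the same temporary failure, so the client can no longer tell which guesses exist.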
