Re: Distributed Dictonary email slam

[Barney Wolff <barney () databus com>]

On Sun, Sep 05, 2004 at 03:39:50PM -0600, Matt Hess wrote:
> And of course a few suggestions to mitigate this would be appreciated.. 
> I currently employ multiple blacklists such as spamcop.net, abuseat.org, 
> spews level 1 and 2, and spamhaus, plus my own blocklists for china and 
> korea to check on incoming email source addresses.

Happened to me a few times, which is funny for a 1-man company with very
few legit user-ids - >100K requests per day for nonexistent users.  I
used ipfw to limit each sender to 1 simultaneous conns, turned on sendmail's
delay on bad users after 1 and edited the sendmail source to wait 10 sec
before responding rather than 1.  That seems to have discouraged them some.

As has been mentioned, the key is either not to have/be a secondary mx or
to make it smart enough to know who's valid, to avoid DoSing the forged
senders.

-- 
Barney Wolff         http://www.databus.com/bwresume.pdf
I'm available by contract or FT, in the NYC metro area or via the 'Net.