Results 1 to 9 of 9
  1. #1
    Join Date
    Jul 2004
    Location
    Reporting Live from Marrz
    Posts
    257

    Postfix and Dictionary Attack Banning

    I am watching the stinking spammer run his puny dictionary attack on one of our hosted main sites slowly whole day. There is an option for the non-existent account attempts to delay the delivery after xx seconds, and it works. In the whole day, he managed to try maybe 8-10 names from his dictionary.

    However... is there a possibility or an add-on to ban the IP attempting such actions after X attempts for X seconds/minutes?


    Thanks,


  2. #2
    Join Date
    Jul 2001
    Location
    Canada
    Posts
    1,284
    There was a discussion of this on the ev1servers forum ...
    http://forum.ev1servers.net/printthread.php?t=50435

    Hope it helps.
    "Obsolesence is just a lack of imagination."

  3. #3
    Join Date
    Jul 2004
    Location
    Reporting Live from Marrz
    Posts
    257
    Hm... boy, that is a LOOONG discussion I will read up on it, see what comes up.

    Thanks

  4. #4
    Join Date
    Sep 2000
    Location
    Alberta, Canada
    Posts
    3,146
    Dictionary Attack Prevention
    http://www.configserver.com/free/eximdeny.html

    That is a script (for WHM / Exim) that I've used and had some sucess with. And it's Free too!
    PotentProducts.com - for all your Hosting needs
    Helping people Host, Create and Maintain their Web Site
    ServerAdmin Services also available

  5. #5
    Join Date
    Jul 2004
    Location
    Reporting Live from Marrz
    Posts
    257
    Yup, was using it before while on Exim... I am just snooping around for something for Postfix, before I try to mix something up myself... haven't found anything yet, though.

  6. #6
    Join Date
    Sep 2000
    Location
    Alberta, Canada
    Posts
    3,146
    Then you might want to try this "Greylisting" script. Works with almost anything.

    http://projects.puremagic.com/greylisting/links.html
    PotentProducts.com - for all your Hosting needs
    Helping people Host, Create and Maintain their Web Site
    ServerAdmin Services also available

  7. #7
    Join Date
    Jul 2004
    Location
    Reporting Live from Marrz
    Posts
    257
    Thanks, I was just browsing greylisting.org planning to implement grey- and whitelisting. Postfix has a somewhat simplified greylisting ability built in (not on by default though) so I was looking at it, but I will surely look into the script you posted me.

    And as whitelisting is strongly adviced with greylisting, would this list:

    http://cvs.puremagic.com/viewcvs/gre...itelist_ip.txt

    be OK for whitelisting?


    Thanks again

  8. #8
    Join Date
    Sep 2000
    Location
    Alberta, Canada
    Posts
    3,146
    I've also preferred whitelisting as a default. Makes it easier to keep track of those blacklisted.
    PotentProducts.com - for all your Hosting needs
    Helping people Host, Create and Maintain their Web Site
    ServerAdmin Services also available

  9. #9
    Join Date
    Jul 2004
    Location
    Reporting Live from Marrz
    Posts
    257
    Thanks!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •