Ki Song wrote: [snip] >>You don't. You firewall off the server that's doing the dictionary >>attack and then your mail server will never see the connections from it, >>hence no logging. > > > Isn't that just putting a "bandaid" on the problem ... I mean, isn't the > list of ip addresses that i firewall off eventually going to be too big to > manage? > > If the above isn't true, is there a central location that people can get a > hold of that has a list of "bad ip" addresses? Similar to Spamassassin's > list? > > >>Paul. >> >>-- >>fedora-list mailing list >>fedora-list@xxxxxxxxxx >>To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list > > In my personal experience, dictionary attacks tend to be (relatively) short lived, as the script that generate the messages must have a fairly low time-out. Odds are good that the MTA that's trying to connect to your machine is not a host with a proper MX record, and if it is, it's probably not configured correctly. You could probably stop postfix from even accepting connections from it by implementing the recommendations described here: http://www.postfix.org/uce.html You could also dive into header_checks as well. One positive aspect of implementingthese suggestions is that over time you should see less and less spam, as your domain gradually falls off the "known good" lists. Best o' luck! DP -- David-Paul Niner, RHCE Orange Park, Florida, United States GPG Key ID: 0x106B54E3
