SPAM - Stopping Rumpelstiltskin Attacks?
WaldoJ asks: "I often see spammers connecting to my mail servers and attempting to send mail to a series of common first names, usually a dozen or two at a time. A few get through, but most don't, and it's up to me to skim through my logs and manually block their IPs, since they'll inevitably return later on if I don't. Has anybody written a program to halt Rumpelstiltskin attacks after X failed addresses? Or, better yet, one that also automatically adds their IP to Sendmail's access database to block them from returning?"
The best way I found to stop this is to always have two mail servers. One that users use that only allows SMTP AUTH to send mail and one for relaying to that server. Yes, you have two servers, but the front one only stores and forwards. You can then add a bit more checking (virus scanning, type checking, spam check) without affecting your users' server. Usually I sync up the user database on the backend server to virtusers on the front end and reject anything that isn't in virtusers. The front machine may get beat on a bit, but at least the mail that is getting through to the users is valid emails.
Then just write a script that monitors the sendmail logs for many rejects and adds that IP address to your access file, blocking it of course.
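One way to implement the log-watching script described above, as an added example that is not code from the thread. It assumes sendmail writes RCPT-time rejections with a `relay=[...]` field and the text `User unknown` (the exact layout differs between sendmail versions, so the regexp is an assumption to check against your own logs), and it counts distinct unknown recipients per IP so that a legitimate sender retrying one mistyped address is not blocked. The log lines embedded below are constructed sample data.

```python
import re
from collections import defaultdict

# Constructed sample log lines (not from the original thread). 192.0.2.10 walks
# through a list of common first names, 198.51.100.7 mistypes one address,
# 203.0.113.5 retries the same wrong address three times.
SAMPLE_LOG = """\
Jan 12 10:15:01 mail sendmail[4711]: j0CAF1xx004711: ruleset=check_rcpt, arg1=<david@example.com>, relay=[192.0.2.10], reject=550 5.1.1 <david@example.com>... User unknown
Jan 12 10:15:02 mail sendmail[4711]: j0CAF1xx004711: ruleset=check_rcpt, arg1=<dan@example.com>, relay=[192.0.2.10], reject=550 5.1.1 <dan@example.com>... User unknown
Jan 12 10:15:02 mail sendmail[4711]: j0CAF1xx004711: ruleset=check_rcpt, arg1=<mike@example.com>, relay=[192.0.2.10], reject=550 5.1.1 <mike@example.com>... User unknown
Jan 12 10:15:03 mail sendmail[4711]: j0CAF1xx004711: ruleset=check_rcpt, arg1=<bill@example.com>, relay=[192.0.2.10], reject=550 5.1.1 <bill@example.com>... User unknown
Jan 12 10:15:03 mail sendmail[4711]: j0CAF1xx004711: ruleset=check_rcpt, arg1=<john@example.com>, relay=[192.0.2.10], reject=550 5.1.1 <john@example.com>... User unknown
Jan 12 10:15:04 mail sendmail[4711]: j0CAF1xx004711: ruleset=check_rcpt, arg1=<steve@example.com>, relay=[192.0.2.10], reject=550 5.1.1 <steve@example.com>... User unknown
Jan 12 10:20:11 mail sendmail[4720]: j0CAKBxx004720: ruleset=check_rcpt, arg1=<waldoo@example.com>, relay=mx.partner.example [198.51.100.7], reject=550 5.1.1 <waldoo@example.com>... User unknown
Jan 12 10:21:00 mail sendmail[4725]: j0CAL0xx004725: ruleset=check_rcpt, arg1=<admn@example.com>, relay=[203.0.113.5], reject=550 5.1.1 <admn@example.com>... User unknown
Jan 12 10:21:30 mail sendmail[4726]: j0CAL0xx004726: ruleset=check_rcpt, arg1=<admn@example.com>, relay=[203.0.113.5], reject=550 5.1.1 <admn@example.com>... User unknown
Jan 12 10:22:00 mail sendmail[4727]: j0CAL0xx004727: ruleset=check_rcpt, arg1=<admn@example.com>, relay=[203.0.113.5], reject=550 5.1.1 <admn@example.com>... User unknown
Jan 12 10:25:42 mail sendmail[4730]: j0CAPgxx004730: to=<waldo@example.com>, delay=00:00:01, mailer=local, stat=Sent
"""

# Assumed reject-line layout: recipient in arg1=<...>, connecting host in
# relay=[ip] or relay=name [ip], and "User unknown" as the reject reason.
REJECT_RE = re.compile(
    r"arg1=<(?P<rcpt>[^>]+)>, relay=(?:[^\s\[]+ )?"
    r"\[(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\].*User unknown"
)


def unknown_recipients_by_ip(lines):
    """Map each connecting IP to the set of distinct unknown recipients it tried."""
    seen = defaultdict(set)
    for line in lines:
        m = REJECT_RE.search(line)
        if m:
            seen[m.group("ip")].add(m.group("rcpt").lower())
    return seen


def offending_ips(lines, threshold=5):
    """IPs that probed at least `threshold` distinct unknown local addresses."""
    seen = unknown_recipients_by_ip(lines)
    return sorted(ip for ip, rcpts in seen.items() if len(rcpts) >= threshold)


def access_entries(ips):
    """Sendmail access-map lines (Connect: tag, sendmail 8.10+) rejecting each IP."""
    return [f"Connect:{ip}\tREJECT" for ip in ips]


if __name__ == "__main__":
    # Prints "Connect:192.0.2.10<TAB>REJECT"; append such lines to
    # /etc/mail/access and rebuild the map with makemap.
    for entry in access_entries(offending_ips(SAMPLE_LOG.splitlines())):
        print(entry)
```

In practice you would feed it the tail of the live maillog (the path differs per system), append the emitted lines to the access file, and rebuild the map with `makemap hash /etc/mail/access < /etc/mail/access`. Counting distinct recipients rather than raw reject lines is what keeps a partner's mail server with one bad address out of the block list; 203.0.113.5 in the sample hits the same wrong address three times and is not listed.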
Well, I'll say it explicitly now: this is mail to local users. You're right, it would be stupid of me to permit relaying so, of course, I don't allow it. If my server is example.com, I would see attempts to send mail that look like this:
david@example.com
dan@example.com
mike@example.com
bill@example.com
And so on. It really bugs me.
Waldo
by using the MAPS Dial-up User List
assuming the spammers are using dialup this would force them to use a relay server (that is not listed as a dial up ip) to get mail to you, which most legitimate users mailing you would already be doing.
of course if they use an open relay you're back to square one, but this is a decent first step.
--
Spelling by m-w.com.