This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SMTP Proxy Wishlist to Blackhole spammer

It would be nice to be able to blackhole somebody that sends more than XX messages and where a recepient doesn't exist.

For instance:

Some spammers try random common names against a domain, if there is a trigger that says that after 10 attempts (unexisting users with the same domain) it will blackhole the
sender...

This will avoid repeated queries (hundreds of them) against the back-end mail server to check the username.

Do you think would be useful?

Thanx!

Neko

This thread was automatically locked due to age.

0 martindw over 21 years ago

Excellent idea. . .gets my vote!

Dan
Cancel
Vote Up 0 Vote Down

Cancel
0 PenTest over 21 years ago in reply to martindw

and my vote as well.

also worth considering an outgoing option as well (with different triggers) to limit exposure from a breached/misconfigured mail server or rogue internal user.
Cancel
Vote Up 0 Vote Down

Cancel
0 OfficeDefender over 21 years ago

Awesome idea! I've seen this implemented on mail servers before, and it's a very effective measure against spam/dictionary attacks. After X number of failed attempts within Y seconds, blacklist the source IP address for Z minutes. X,Y, and Z are all admin-configurable. It's important to have the Z variable so that you don't have to go in and administer a blocked IP address list. There's also usually a "clear blocked IPs" button nearby just in case an important IP has been blocked and the list needs to be reset.

-Steve
Cancel
Vote Up 0 Vote Down

Cancel
0 Toto over 21 years ago

yep... VERY good.. also my vote for this
Cancel
Vote Up 0 Vote Down

Cancel