List Info

Thread: Re: Dictionary Attacks - Need Advice
Re: Dictionary Attacks - Need Advice
country flaguser name
United States		 2007-03-31 13:25:54 
Thanks Ryan! 

All mail systems are one hop away and I am using a transport
map file. I
am also using the address_verify_map cache file so I will go
ahead and
make the changes and let you know the results.

Dave

-----Original Message-----
From: Ryan Delany [mailto:ryanrynogear.com] 
Sent: Saturday, March 31, 2007 12:32 PM
To: David A. Lewis
Cc: maia-usersrenaissoft.com
Subject: Re: [Maia-users] Dictionary Attacks - Need Advice

Dave,

http://www.postfix.com/ADDRESS_VERIFICATION_README.html

Assuming your Maia server is one-hop away from your mail
server, this is a
great solution.  Just make sure you set the following once
you are
comfortable that this is working for you:

unverified_recipient_reject_code = 550

If you don't, the problem won't get any better since the
sending mail
servers will retry and consume all your smtpd processes. 
Mine dropped
from being maxed out at 200 to an average of about 10-12
concurrent smtpd
processes after implementing this feature.  I also use
address_verify_map
to cache the results, and my cache file is around 100MB on
average, so not
a huge disk space commitment for such a useful feature.

Ryan

> Been running Maia for about 45 days now and it has been
great. We have 2
> servers sharing a single database and each server was
set to the default
> smtp processes but I was finding that some customers
would have their
mail
> delayed for hours at times (very sporadic). I
determined that the delay
> was a result of the number of smtp maxprocesses
(default is 100). I have
> doubled the maxproc and even set it to unlimited but
the underlying
> problem here is the amount of rejected messages due to
dictionary
attacks.
> I installed mailgraph on each server and found that at
times the number
of
> rejected messages on each server gets close to 1000 per
minute. All of
> these are the result dictionary attacks and I do not
see how adding an
> additional Maia server would help since it only
provides the spammers
with
> another resource for their attack on our servers.
>
> I would like to know if anyone else has encountered
this problem and
what
> they might have done to resolve it or at least slow the
spammers down.
We
> handle email for many domains and some of the final
MTA's are not under
> our control.
>
> Any suggestions would be greatly appreciated!
>
> Thanks,
> Dave
>
>
> _______________________________________________
> Maia-users mailing list
> Maia-usersrenaissoft.com
> http://www.renaissoft.com/mailman/listinfo/maia-users
>



_______________________________________________
Maia-users mailing list
Maia-usersrenaissoft.com
http://www.renaissoft.com/mailman/listinfo/maia-users
[1]

about | contact  Other archives ( Real Estate discussion Medical topics )