Preventing Dictionary attacks?

empoweri

Hi, I found this on the net for cPanel. Will this work with DA? We've been getting hit with many dictionary attacks and would like to decrease them.

http://configserver.com/free/eximdeny.html

I'm not familiar with Exim and how to configure it. I have SpamBlocker 2.0 installed.

Also, are there any references/books available to learn how to set up Exim and customize it?

exim.org site kinda stinks for documentation.
 
I've read the docs about the ACL and although it sounds good at first, the following sentence worries me:

"We detect a dictionary attack by checking the number of failed RCPT commands issued during a single SMTP connection."

I've already seen dictionary attacks where a new SMTP connection was made for each attempt. This would defeat the ACL functionality. Also, for those spammers that use a single SMTP connection it's probably an easy switch to multiple SMTP connections once the use of the ACL gets widespread. I think it would be better to track the mailing behavior of a sender without taking SMTP connections into account, or at least not stop there, because it's too easily defeated.
 
Yeah, agreed. Maybe a better way is not via IP BUT via the sent-to domain. We see many names tied to one domain BUT from many different IP addresses. The question then is how do you block this type of attack?

It's nuts how many unsecured servers are out there.
 
A change to the .pl file would be required to make the ACL work across multiple SMTP connections.

And definitely some changes to the ACL so it'll work in our exim.conf file, which doesn't use the same whitelist files as the cPanel one does.

You can play with this now on your own if you're willing to experiment...

But...

I've put it into my list of updates for the next release of the SpamBlocker exim.conf file.

Jeff
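Picking up the two points raised above (counting failed RCPTs across connections rather than per connection, and counting by targeted domain rather than only by source IP), here is an added example that is not from the thread or from SpamBlocker: a Python script that tallies rejected RCPT entries from a log, so a sender that reconnects for every attempt, or a botnet spread over many IPs hitting one domain, is still counted. The log lines are constructed to approximate Exim's mainlog format; the IPs, domains and thresholds are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines approximating Exim mainlog "rejected RCPT" entries.
# Each line may come from a separate SMTP connection; the counts ignore that.
SAMPLE_LOG = """\
2005-02-15 10:00:01 H=(mx1) [192.0.2.10] F=<a@spam.example> rejected RCPT <bob@victim.example>: Unknown user
2005-02-15 10:00:02 H=(mx1) [192.0.2.10] F=<a@spam.example> rejected RCPT <carol@victim.example>: Unknown user
2005-02-15 10:00:03 H=(mx2) [192.0.2.11] F=<b@spam.example> rejected RCPT <dave@victim.example>: Unknown user
2005-02-15 10:00:04 H=(mx3) [192.0.2.12] F=<c@spam.example> rejected RCPT <erin@victim.example>: Unknown user
2005-02-15 10:00:05 H=(mx4) [192.0.2.13] F=<d@spam.example> rejected RCPT <frank@victim.example>: Unknown user
2005-02-15 10:00:06 H=(mx1) [192.0.2.10] F=<a@spam.example> rejected RCPT <gina@victim.example>: Unknown user
2005-02-15 10:00:07 H=(mx9) [198.51.100.7] F=<x@other.example> rejected RCPT <hank@shop.example>: Unknown user
"""

# Pull the connecting IP and the rejected recipient out of a reject line.
REJECT_RE = re.compile(
    r"^(?P<ts>\S+ \S+) .*?\[(?P<ip>[^\]]+)\].*? rejected RCPT <(?P<rcpt>[^>]+)>"
)


def count_failed_rcpts(log_text):
    """Count failed RCPT commands per source IP and per recipient domain,
    regardless of which SMTP connection each one arrived on."""
    by_ip = defaultdict(int)
    by_domain = defaultdict(int)
    for line in log_text.splitlines():
        m = REJECT_RE.search(line)
        if not m:
            continue
        by_ip[m.group("ip")] += 1
        domain = m.group("rcpt").rsplit("@", 1)[-1].lower()
        by_domain[domain] += 1
    return dict(by_ip), dict(by_domain)


def flag_attacks(log_text, ip_threshold=3, domain_threshold=4):
    """Return (IPs, domains) whose failed-RCPT counts reach the thresholds.
    The domain view catches the distributed case where no single IP trips."""
    by_ip, by_domain = count_failed_rcpts(log_text)
    ips = sorted(ip for ip, n in by_ip.items() if n >= ip_threshold)
    domains = sorted(d for d, n in by_domain.items() if n >= domain_threshold)
    return ips, domains


if __name__ == "__main__":
    print(flag_attacks(SAMPLE_LOG))
```

Run it against a real mainlog by reading the file into `flag_attacks` and tune the thresholds to your own traffic before acting on the output.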
 