Dealing with Directory Harvest Attacks

#1 Wed, 05/27/2009 - 09:32
christophera

One of my domains is the .com of a common surname.

I get these constant spam attacks where the spammer sends to every possible combination of names and words @mydomain.com. I think this kind of thing is called a directory harvest attack, correct?

They come from a wide variety of IPs and different addresses.

I only use five addresses on this domain. All these other emails are rejected or bounced away by postgrey or the server responding that user doesn't exist.

However, these things are coming in sometimes several per second. Is there a more efficient way to handle them? Like perhaps something in front of postgrey that says 'if not these specific addresses, ignore'?

Chris

Wed, 05/27/2009 - 09:49
andreychek

You might consider looking into some Postfix rate limiting.

A few options you can tweak are:

http://www.postfix.org/postconf.5.html#smtpd_error_sleep_time

http://www.postfix.org/postconf.5.html#smtpd_soft_error_limit

http://www.postfix.org/postconf.5.html#smtpd_hard_error_limit

You can make those changes by editing /etc/postfix/main.cf, and then restarting Postfix when you're done.
-Eric
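
An added example, not part of the original thread: the error limits linked above act on clients that make repeated errors, so it helps to check how the unknown-recipient rejections are spread across client IPs before tuning them. This Python script tallies them from Postfix smtpd log lines; the log lines are constructed samples, and the function names and threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in Postfix smtpd reject format (not taken from the thread).
SAMPLE_LOG = """\
May 27 09:30:01 mail postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 550 5.1.1 <aaron@example.com>: Recipient address rejected: User unknown in virtual alias table; from=<a@spam.example> to=<aaron@example.com> proto=ESMTP helo=<h1>
May 27 09:30:01 mail postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 550 5.1.1 <adam@example.com>: Recipient address rejected: User unknown in virtual alias table; from=<a@spam.example> to=<adam@example.com> proto=ESMTP helo=<h1>
May 27 09:30:02 mail postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 550 5.1.1 <alan@example.com>: Recipient address rejected: User unknown in virtual alias table; from=<a@spam.example> to=<alan@example.com> proto=ESMTP helo=<h1>
May 27 09:30:02 mail postfix/smtpd[2107]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 550 5.1.1 <smith@example.com>: Recipient address rejected: User unknown in virtual alias table; from=<b@spam.example> to=<smith@example.com> proto=ESMTP helo=<h2>
May 27 09:30:03 mail postfix/smtpd[2110]: NOQUEUE: reject: RCPT from mx.example.net[203.0.113.5]: 450 4.2.0 <chris@example.com>: Recipient address rejected: Greylisted; from=<c@example.net> to=<chris@example.com> proto=ESMTP helo=<mx.example.net>
"""

# Permanent (5xx) rejections for nonexistent recipients; greylisting (4xx) is ignored.
REJECT_RE = re.compile(
    r"reject: RCPT from \S*\[(?P<ip>[0-9a-fA-F.:]+)\]: 5\d\d [\d.]+ "
    r"<(?P<rcpt>[^>]*)>: Recipient address rejected: User unknown"
)


def tally_unknown_recipients(log_text):
    """Map each client IP to the set of unknown recipients it tried."""
    probes = defaultdict(set)
    for line in log_text.splitlines():
        match = REJECT_RE.search(line)
        if match:
            probes[match.group("ip")].add(match.group("rcpt").lower())
    return dict(probes)


def heavy_probers(probes, threshold):
    """Clients that tried at least `threshold` distinct unknown recipients, busiest first."""
    hits = [(ip, len(rcpts)) for ip, rcpts in probes.items() if len(rcpts) >= threshold]
    return sorted(hits, key=lambda item: (-item[1], item[0]))


if __name__ == "__main__":
    tally = tally_unknown_recipients(SAMPLE_LOG)
    print("clients seen:", len(tally))
    for ip, count in heavy_probers(tally, threshold=3):  # threshold is an assumed value
        print(f"{ip} probed {count} unknown recipients")
```

If most clients appear with only one or two rejections each, the attack is spread thinly and few clients will accumulate enough errors to reach the limits.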
