[CentOS] Email dictionary attacks and firewall

Wed Aug 16 13:13:02 UTC 2006
Steve Huff <shuff at vecna.org>

On Aug 16, 2006, at 9:04 AM, Steve Walsh - Nerdvana Hosting wrote:

> Sounds like what you want is the TeerGrubing plugin for Exim script  
> Marc Merlin from Google wrote. it sends a SMTP 451 back to the  
> server for 10-15 minutes, then closes the connection.
>
> Apparently, he once held a connection open for 72 hours, then  
> called the guy's ISP, who called the FBI, and it just went downhill  
> from there.
>
> More information can be gleaned from his page at
> http://marc.merlins.org/linux/exim/sa.html
>
>> Don't be sorry, John, I'm gettin pissed bout spam myself...I am
>> thinking about coming up w/a way to somehow forward the spam msg
>> back to who ever is relaying it 10 fold to get their attn! John Rose

um, no.  this is a terrible idea.

this trick is only useful if the spammer is mailing directly from his  
box to yours, and these days, that does not seem to be how the bulk  
of the spam i'm getting is sent.  otherwise you're just punishing  
someone else, a (mostly) innocent victim, and engaging in what is  
arguably a violation of your ISP's terms of service, since you're  
trying to DoS the guy relaying mail to you.

there are any number of open relay blacklists; if you're being  
spammed by Joe Average's zombie box, submit it to the blacklists  
instead.

-steve

--
If this were played upon a stage now, I could condemn it as an  
improbable fiction. - Fabian, Twelfth Night, III,v