How do I protect myself against spamming tools that just guess at addresses?

Question

I have just downloaded a spamming tool that opened 2 threads to my GMS server and started guessing names.

In the SMTP logs, I can see the following entries as a result of this attack:

SMTP 14 Mar 2002 11:10:44 A 3084 1227 RCPT TO:<cgy@company3.dom>

SMTP 14 Mar 2002 11:10:44 A 0000 1227 550 5.1.1 Unknown user.

SMTP 14 Mar 2002 11:10:44 A 3084 1226 RCPT TO:<chc@company3.dom>

SMTP 14 Mar 2002 11:10:44 A 0000 1226 550 5.1.1 Unknown user.

SMTP 14 Mar 2002 11:10:44 A 3084 1227 RCPT TO:<chd@company3.dom>

SMTP 14 Mar 2002 11:10:44 A 0000 1227 550 5.1.1 Unknown user.

Answer

We have now added a feature to SMTP similar to the POP logon delay.

We now automatically add the attacking client's IP address to a list of dynamically banned IPs when SMTP is asked to process too many bad RCPTs. The limit is user-configurable, so you have full control over how many bad RCPT commands you accept before the IP is banned.

This new banned list is checked at connect time so that IPs already banned simply cannot try their dictionary attack on the server any longer. The list of banned IPs is reset at midnight so that you do not need to worry about resetting this feature or the banned list – it is all done for you.

It should be noted that these dictionary attacks do not cause a problem for SMTP, or indeed for GMS, which can easily handle them without any adverse impact on the system. We are now blocking these attacks as part of our commitment to help our customers stop spam.
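The sketch below is an added example, not GMS code: it replays the log lines quoted in the question through a ban list that behaves as the answer describes (configurable bad-RCPT limit, connect-time check, reset at midnight). The class and function names, the session-to-IP map (the quoted log lines carry no client address), and banning at the moment the count reaches the limit are all assumptions.

```python
import re
from collections import Counter
from datetime import datetime

# Log layout as quoted on this page: SMTP <date> <time> A <field> <session> <text>
LINE = re.compile(r"^SMTP (\d{1,2} \w{3} \d{4} \d\d:\d\d:\d\d) \w (\d+) (\d+) (.*)$")

SAMPLE_LOG = """\
SMTP 14 Mar 2002 11:10:44 A 3084 1227 RCPT TO:<cgy@company3.dom>
SMTP 14 Mar 2002 11:10:44 A 0000 1227 550 5.1.1 Unknown user.
SMTP 14 Mar 2002 11:10:44 A 3084 1226 RCPT TO:<chc@company3.dom>
SMTP 14 Mar 2002 11:10:44 A 0000 1226 550 5.1.1 Unknown user.
SMTP 14 Mar 2002 11:10:44 A 3084 1227 RCPT TO:<chd@company3.dom>
SMTP 14 Mar 2002 11:10:44 A 0000 1227 550 5.1.1 Unknown user.
""".splitlines()
# Constructed mapping: both sessions are assumed to come from one client.
SESSION_IP = {"1226": "192.0.2.10", "1227": "192.0.2.10"}

class RcptBanList:
    """Counts rejected RCPTs per client IP across sessions (hypothetical model)."""
    def __init__(self, max_bad):
        self.max_bad = max_bad      # user-set limit of bad RCPTs
        self.bad = Counter()
        self.banned = set()
        self.day = None

    def _roll(self, when):
        # First event of a new calendar day clears counters and bans.
        if self.day != when.date():
            self.day = when.date()
            self.bad.clear()
            self.banned.clear()

    def allow_connect(self, ip, when):
        self._roll(when)
        return ip not in self.banned

    def bad_rcpt(self, ip, when):
        self._roll(when)
        self.bad[ip] += 1
        if self.bad[ip] >= self.max_bad:   # assumption: ban on reaching the limit
            self.banned.add(ip)

def replay(lines, session_ip, max_bad):
    """Feed every '550 5.1.1' rejection in the log into a fresh ban list."""
    bans = RcptBanList(max_bad)
    for line in lines:
        m = LINE.match(line.strip())
        if m and m.group(4).startswith("550 5.1.1"):
            when = datetime.strptime(m.group(1), "%d %b %Y %H:%M:%S")
            bans.bad_rcpt(session_ip[m.group(3)], when)
    return bans
```

Counting per IP rather than per session matters here because the tool in the question spread its guesses over two threads.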

Keywords: spam JUCE dictionary attack Spam checker GMS Anti-spam anti spam antispam