Directory Harvest Attack - SpamAssassin

This is a discussion on Directory Harvest Attack - SpamAssassin ; I am undergoing a massive directory harvest attack. Is there a good set of rules that will help stop this or a place anyone could point me. Best Regards, Jason Holbrook Chief Technology Integrator / Partner Empower Information Systems jholbrook@empoweris.com ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: Directory Harvest Attack

  1. Directory Harvest Attack

    I am undergoing a massive directory harvest attack. Is there a good set
    of rules that will help stop this or a place anyone could point me.



    Best Regards,

    Jason Holbrook

    Chief Technology Integrator / Partner

    Empower Information Systems

    jholbrook@empoweris.com

    weblog.empoweris.com

    www.empoweris.com

    Skype: holbrook.jason

    Gtalk: jaholbrook

    757-320-2667 (Direct)

    757-273-9399 (office)

    757-715-1944 (cell)

    866-477-1544 (toll free)





    This message is being sent by or on behalf of Empower Information
    Systems. It is intended exclusively for the individual or entity to
    which it is addressed. This communication may contain information that
    is proprietary, privileged or confidential or otherwise legally exempt
    from disclosure. If you are not the named addressee, you are not
    authorized to read, print, retain, copy or disseminate this message or
    any part of it. If you have received this message in error, please
    notify the sender Jason Holbrook immediately by e-mail
    jholbrook@empoweris.com and delete all copies of this message.



    Empower Information Systems operates under a zero spam policy. If you
    believe this message to be spam, please contact abuse@empoweris.com





  2. Re: Directory Harvest Attack

    Jason Holbrook wrote:
    > I am undergoing a massive directory harvest attack. Is there a good set
    > of rules that will help stop this or a place anyone could point me.


    Assuming you are doing obvious things, like not accepting mail for
    non-existent users, and using whatever tweaks are available in your MTA
    (bad recipient throttle, etc), an IDS like ossec will help. (free)
    http://ossec.net/ It'll block using the system firewall if an IP hits
    your machine more than a few times causing log entries that it triggers
    on. There are default rules for common MTAs.

    Ken


    >
    >
    >
    > Best Regards,
    >
    > Jason Holbrook
    >
    > Chief Technology Integrator / Partner
    >
    > Empower Information Systems
    >
    > jholbrook@empoweris.com
    >
    > weblog.empoweris.com
    >
    > www.empoweris.com
    >
    > Skype: holbrook.jason
    >
    > Gtalk: jaholbrook
    >
    > 757-320-2667 (Direct)
    >
    > 757-273-9399 (office)
    >
    > 757-715-1944 (cell)
    >
    > 866-477-1544 (toll free)
    >
    >
    >
    >
    >
    > This message is being sent by or on behalf of Empower Information
    > Systems. It is intended exclusively for the individual or entity to
    > which it is addressed. This communication may contain information that
    > is proprietary, privileged or confidential or otherwise legally exempt
    > from disclosure. If you are not the named addressee, you are not
    > authorized to read, print, retain, copy or disseminate this message or
    > any part of it. If you have received this message in error, please
    > notify the sender Jason Holbrook immediately by e-mail
    > jholbrook@empoweris.com and delete all copies of this message.
    >
    >
    >
    > Empower Information Systems operates under a zero spam policy. If you
    > believe this message to be spam, please contact abuse@empoweris.com
    >
    >
    >
    >



    --
    Ken Anderson
    Pacific.Net


+ Reply to Thread