[Dshield] SASL Hacks & Swatch Alternative

David Cary Hart DavidHart at TQMcube.com
Wed Mar 2 18:14:46 GMT 2005


We are continuing to get attempts to relay mail by hacking at SASL
authentication. The problem is solved with strong pwds and swatch
watching maillog for failed attempts and then executing a script to
immediately add a tarpit rule to IPTables.

That said, swatch is a bit messy and, possibly, a tad unstable. I've
googled, freshmeated and sourceforged to death without success. Any
suggestions? I need a log watcher that can execute a script based upon
pcre in real time.

-- 
Total Quality Management - A Commitment to Excellence
Fight Spam: http://www.tqmcube.com/rbldnsd.htm
Daily Updates: rsync -t \
tqmcube.com::spamlists/[README.htm][clients][dynamic][relays][asiaspam]
http://www.tqmcube.com/spam_trap.htm
                




More information about the list mailing list