Spammers don't just send email to addresses they know, but also make up addresses on the off-chance that they exist. This may seem hard work, but with modern broadband connections (usually someone else's - inadvertantly running an open relay), and a dictionary of names, they can send messages to every imaginable address at your domain. Mailtraq detects and blocks dictionary attacks.
The service limits IP addresses to 10 "mailbox not found" errors per 30 minutes.
Prevents dictionary attacks on SMTP, POP3, IMAP and FTP.
Firewall denials also contribute to dictionary attack counters.
This functionality is always enabled; there is no configuration required.
To avoid obscuring the view, the Dictionary Attack Manager prevents repeated log entries (over 50 attacks).
The Dictionary Attack Manager can be easily configured to notify by email when attacked. The email is sent to the Postmaster by default, but can be sent to any internal or external address.
If the incoming IP address is part of the LAN definition list
then the Dictionary Attack manager is not used.
Important - for the Dictionary Attack prevention to work the 'Undelivered Mail' setting must be:
[x] Return Undelivered mail to Sender otherwise you are explicitly saying that you will accept all mail for any address.
My Mailtraq server got hit by a POP3 dictionary attack this morning. 41,903 connection attempts in 12 minutes, and all but the first 10 were denied after MTQ determined it was being attacked. End result: one huge log file, one phone call to the IT department of a certain Canadian institute of higher education, but most importantly, one completely unperturbed mail server.