> I need to have a way to stop dictionary attacks ... unless there is a
> better way I was going to extract the TO address and discard the email
> in mimedefang-filter if the user did not exist when compared against a
> database table of valid users. I'd be interested to know the
> preferred way to handle this.
[Shameless Plug] Our commercial CanIt software has a dictionary-attack
detector built in that firewalls off hosts that send to too many invalid
We detect valid recipients in a variety of ways (depending on the setup)
including SMTP call-forwards, LDAP, etc.
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID. You may ignore it.