Re: [filtered-ww] [vps-mail] Issue re sendmail/ abuse (attempted relay????)
- Subject: Re: [filtered-ww] [vps-mail] Issue re sendmail/ abuse (attempted relay????)
- From: Bruce Armstrong <bruce@xxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 22 Aug 2003 13:58:46 -0600

On VPS1, tcpwrappers can be used to block the connection without even
starting a sendmail process.

Add the following to your ~/etc/hosts.allow before the 'ALL : ALL :
allow' line:

    smtp : 200.3.224.50 : deny

You will start seeing the following in your ~/var/log/messages:

    <36>Aug 22 19:39:46 tcpwrap[6831]:refused connection from 200.3.244.50, service smtp (tcp)

There are some other interesting possibilities with tcpwrappers, worth
checking out.

--Bruce

On Thu, 2003-08-21 at 17:43, Weldon Whipple wrote:
> On Thu, 21 Aug 2003, Abigail Marshall wrote:
>
> > Here's the problem - I noticed that my messages file had a
> > lot of entries like this:
> >
> > ><XX>Aug 21 15:00:17 sendmail[65008]: h7LL0HNA065008:
> > >[200.3.224.50] did not issue MAIL/EXPN/VRFY/ETRN during
> > >connection to stdin
> >
> > About 1270 entries, at the rate of about 3 or 4 per minute.
> > This is from 2:00 am last night - 13 hours - so basically
> > it's about 100 hits per hour.
> >
> > There is no reverse DNS for that IP, which appears to
> > originate from some ISP in Brazil.
> >
> > I added that IP to the Access file.
>
> I don't know if this will help on VPS1 (where it is iservd that makes the
> connection--rather than a daemonized sendmail as on VPS2). You could try
> prefixing the IP address with "Connect:", like so:
>
> Connect:200.3.224.50 REJECT
>
> (On VPS2, if I remember correctly, sendmail will cut off the connection as
> soon as it senses who it is that is trying to connect ...)
>
> Adding the Connect: prefix might not make any difference, but it might be
> worth a try.
>
> > Is there anything else I can do? I'm wondering how this sort
> > of stuff impacts overall server load and performance of
> > Sendmail.
>
> As long as he doesn't bring down your server (and as long as other
> legitimate mail can get through), it might just be a matter of waiting out
> the jerk until he gets bored ...
>
> Weldon
>
> - --
> Weldon Whipple <weldon@xxxxxxxxxxx>
> http://www.whipple.org
> ======================================================================
> Technical questions regarding this list may be sent to
> <vps-mail-owner@xxxxxxxxxxxx>. You may request an automated help
> response by sending an email with the word 'help' (w/o quotes) in the
> BODY of the message (subject is ignored) to <vps-mail-request@xxxxxxxxxxxx>.
> ======================================================================
>
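
An added example, not part of the original messages: Python that counts the "did not issue MAIL/EXPN/VRFY/ETRN" entries per client IP and places matching deny rules ahead of the 'ALL : ALL : allow' line, as the reply above describes. The sample log lines, the sample hosts.allow contents, the threshold of 3 and all function names are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the format quoted in the thread (queue IDs and the
# 192.0.2.7 client are made up; 200.3.224.50 is the address from the thread).
SAMPLE_LOG = """\
<XX>Aug 21 15:00:17 sendmail[65008]: h7LL0HNA065008: [200.3.224.50] did not issue MAIL/EXPN/VRFY/ETRN during connection to stdin
<XX>Aug 21 15:00:36 sendmail[65011]: h7LL0aNA065011: [200.3.224.50] did not issue MAIL/EXPN/VRFY/ETRN during connection to stdin
<XX>Aug 21 15:00:58 sendmail[65015]: h7LL0wNA065015: [200.3.224.50] did not issue MAIL/EXPN/VRFY/ETRN during connection to stdin
<XX>Aug 21 15:01:02 sendmail[65019]: h7LL12NA065019: [192.0.2.7] did not issue MAIL/EXPN/VRFY/ETRN during connection to stdin
<XX>Aug 21 15:01:09 sendmail[65020]: h7LL19NA065020: from=<a@example.org>, size=812, nrcpts=1
"""
SAMPLE_HOSTS_ALLOW = "sshd : ALL : allow\nALL : ALL : allow\n"  # constructed

# The client may be logged as "[ip]" or "host.name [ip]".
IDLE_RE = re.compile(r"sendmail\[\d+\]: \S+: (?:\S+ )?\[([0-9.]+)\] did not issue MAIL/EXPN/VRFY/ETRN")

def count_idle_connects(log_text):
    """Count connections per client IP that never started a mail transaction."""
    hits = Counter()
    for line in log_text.splitlines():
        m = IDLE_RE.search(line)
        if not m:
            continue
        try:  # validate before the value can reach hosts.allow
            hits[str(ipaddress.ip_address(m.group(1)))] += 1
        except ValueError:
            pass
    return hits

def deny_rules(hits, threshold):
    """Rules in the form used in the thread, for IPs at or over the threshold."""
    return [f"smtp : {ip} : deny" for ip, n in sorted(hits.items()) if n >= threshold]

def _key(line):
    return "".join(line.split())  # compare rules ignoring whitespace

def add_rules(hosts_allow_text, rules):
    """Insert rules before the catch-all line; the first matching rule wins."""
    lines = hosts_allow_text.splitlines()
    present = {_key(l) for l in lines}
    new = [r for r in rules if _key(r) not in present]
    for i, line in enumerate(lines):
        if _key(line) == "ALL:ALL:allow":
            return "\n".join(lines[:i] + new + lines[i:]) + "\n"
    raise ValueError("no 'ALL : ALL : allow' line found; not guessing placement")

if __name__ == "__main__":
    print(add_rules(SAMPLE_HOSTS_ALLOW, deny_rules(count_idle_connects(SAMPLE_LOG), 3)), end="")
```

Running `add_rules` a second time on its own output adds nothing, so the check can be repeated without duplicating rules.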