MailScanner & DoS
Stephen Swaney
steve.swaney at fsl.com
Mon Mar 6 02:21:33 GMT 2006
________________________________________
From: mailscanner-bounces at lists.mailscanner.info
[mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Devon
Harding
Sent: Sunday, March 05, 2006 8:36 PM
To: MailScanner discussion
Subject: Re: MailScanner & DoS
How can I limit concurrent connections from specific IP's with MailScanner?
On 3/4/06, Devon Harding <devonharding at gmail.com > wrote:
Yea, but I want this to be for every one, not just cable users
On 3/3/06, Chris Stone < cstone at axint.net> wrote:
Try using something like the NJABL_DYNBLOCK rbl to block such cable/dsl
users
from connecting......
On Friday 03 March 2006 07:44 pm, Devon Harding wrote:
> For some reason, I can't seem to stop hackers from performaing DoS against
> my IPCop fw & MailScanner server. I get alot of these in my
> /var/log/maillog and the boxes get locked up:
>
> Mar 1 20:12:48 mars sendmail[27017]: k220vlXF027017:
> 69-165-202-64.miamfl.adelphia.net [MailScanner warning: numerical links
are often malicious: 69.165.202.64] did not issue
> MAIL/EXPN/VRFY/ETRN during connection to MTA
> Mar 1 20:12:48 mars sendmail[27019]: k220vmrk027019:
> 69-165-202-64.miamfl.adelphia.net [MailScanner warning: numerical links
are often malicious: 69.165.202.64] did not issue
> MAIL/EXPN/VRFY/ETRN during connection to MTA
> Mar 1 20:12:48 mars sendmail[27018]: k220vlM8027018:
> 69-165-202-64.miamfl.adelphia.net [MailScanner warning: numerical links
are often malicious: 69.165.202.64] did not issue
> MAIL/EXPN/VRFY/ETRN during connection to MTA
> Mar 1 20:12:49 mars sendmail[27020]: k220vm8s027020:
> 69-165-202-64.miamfl.adelphia.net [MailScanner warning: numerical links
are often malicious: 69.165.202.64] did not issue
> MAIL/EXPN/VRFY/ETRN during connection to MTA
> Mar 1 20:12:49 mars sendmail[27023]: k220vngJ027023:
> 69-165-202-64.miamfl.adelphia.net [MailScanner warning: numerical links
are often malicious: 69.165.202.64] did not issue
> MAIL/EXPN/VRFY/ETRN during connection to MTA
> Mar 1 20:12:49 mars sendmail[27021]: k220vmjG027021:
> 69-165-202-64.miamfl.adelphia.net [MailScanner warning: numerical links
are often malicious: 69.165.202.64] did not issue
> MAIL/EXPN/VRFY/ETRN during connection to MTA
>
> What can I do?
That's a job for your MTA not MailScanner :)
If you're using a recent version of sendmail, 8.13.x, it's pretty easy.
Check out:
http://www.technoids.org/dossed.html
Hope this helps,
Steve
Stephen Swaney
Fort Systems Ltd.
stephen.swaney at fsl.com
www.fsl.com
More information about the MailScanner
mailing list