MailScanner & DoS

Stephen Swaney steve.swaney at fsl.com
Mon Mar 6 02:21:33 GMT 2006


________________________________________
From: mailscanner-bounces at lists.mailscanner.info
[mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Devon
Harding
Sent: Sunday, March 05, 2006 8:36 PM
To: MailScanner discussion
Subject: Re: MailScanner & DoS

How can I limit concurrent connections from specific IP's with MailScanner?
On 3/4/06, Devon Harding <devonharding at gmail.com > wrote:
Yea, but I want this to be for every one, not just cable users 

On 3/3/06, Chris Stone < cstone at axint.net> wrote: 
Try using something like the NJABL_DYNBLOCK rbl to block such cable/dsl
users
from connecting...... 

On Friday 03 March 2006 07:44 pm, Devon Harding wrote:
> For some reason, I can't seem to stop hackers from performaing DoS against
> my IPCop fw & MailScanner server.  I get alot of these in my
> /var/log/maillog and the boxes get locked up:
>
> Mar  1 20:12:48 mars sendmail[27017]: k220vlXF027017:
> 69-165-202-64.miamfl.adelphia.net [MailScanner warning: numerical links
are often malicious: 69.165.202.64] did not issue
> MAIL/EXPN/VRFY/ETRN during connection to MTA
> Mar  1 20:12:48 mars sendmail[27019]: k220vmrk027019:
> 69-165-202-64.miamfl.adelphia.net [MailScanner warning: numerical links
are often malicious: 69.165.202.64] did not issue
> MAIL/EXPN/VRFY/ETRN during connection to MTA
> Mar  1 20:12:48 mars sendmail[27018]: k220vlM8027018: 
> 69-165-202-64.miamfl.adelphia.net [MailScanner warning: numerical links
are often malicious: 69.165.202.64] did not issue
> MAIL/EXPN/VRFY/ETRN during connection to MTA 
> Mar  1 20:12:49 mars sendmail[27020]: k220vm8s027020:
> 69-165-202-64.miamfl.adelphia.net [MailScanner warning: numerical links
are often malicious: 69.165.202.64] did not issue
> MAIL/EXPN/VRFY/ETRN during connection to MTA
> Mar  1 20:12:49 mars sendmail[27023]: k220vngJ027023: 
> 69-165-202-64.miamfl.adelphia.net [MailScanner warning: numerical links
are often malicious: 69.165.202.64] did not issue
> MAIL/EXPN/VRFY/ETRN during connection to MTA
> Mar  1 20:12:49 mars sendmail[27021]: k220vmjG027021: 
> 69-165-202-64.miamfl.adelphia.net [MailScanner warning: numerical links
are often malicious: 69.165.202.64] did not issue
> MAIL/EXPN/VRFY/ETRN during connection to MTA
> 
> What can I do?

That's a job for your MTA not MailScanner :)

If you're using a recent version of sendmail, 8.13.x, it's pretty easy.
Check out:

http://www.technoids.org/dossed.html

Hope this helps,

Steve

Stephen Swaney
Fort Systems Ltd.
stephen.swaney at fsl.com
www.fsl.com





More information about the MailScanner mailing list