Getting pounded .. sigh
Doc Schneider
doc at maddoc.net
Mon May 22 18:09:14 IST 2006
Rob Poe wrote:
> My mail server is getting POUNDED from
> 193.252.22.157
> 193.252.22.158
>
> Which is smtp1.wanadoo.co.uk and smtp2.wanadoo.co.uk
>
> I blacklisted the whole 193.252.22.x
>
> They're targeting my list server, and SpamAssassin is grabbing them
> (along with the fact that the list server is membership only!!)
>
> but I'm getting one every 5-10 seconds!!
>
> grep 193.252.22 /var/log/maillog | wc
> 1863 62955 710320
>
> May 22 11:49:02 mail sendmail[30768]: ruleset=check_relay,
> arg1=smtp2.wanadoo.co.uk, arg2=193.252.22.157, relay=smtp2.wanadoo.co.uk
> [193.252.22.157], reject=583 5.0.0 Get lost..
> May 22 11:49:07 mail sendmail[30769]: ruleset=check_relay,
> arg1=smtp2.wanadoo.co.uk, arg2=193.252.22.157, relay=smtp2.wanadoo.co.uk
> [193.252.22.157], reject=583 5.0.0 Get lost..
> May 22 11:49:13 mail sendmail[30770]: ruleset=check_relay,
> arg1=smtp2.wanadoo.co.uk, arg2=193.252.22.157, relay=smtp2.wanadoo.co.uk
> [193.252.22.157], reject=583 5.0.0 Get lost..
> May 22 11:49:27 mail sendmail[30774]: ruleset=check_relay,
> arg1=smtp2.wanadoo.co.uk, arg2=193.252.22.157, relay=smtp2.wanadoo.co.uk
> [193.252.22.157], reject=583 5.0.0 Get lost..
> May 22 11:49:29 mail sendmail[30775]: ruleset=check_relay,
> arg1=smtp2.wanadoo.co.uk, arg2=193.252.22.157, relay=smtp2.wanadoo.co.uk
> [193.252.22.157], reject=583 5.0.0 Get lost..
> May 22 11:49:41 mail sendmail[30777]: ruleset=check_relay,
> arg1=smtp2.wanadoo.co.uk, arg2=193.252.22.157, relay=smtp2.wanadoo.co.uk
> [193.252.22.157], reject=583 5.0.0 Get lost..
>
I use this little script I wrote for these unruly pecker attacks.
Use it like this
./banit.sh 193.252.22.157
cat banit.sh
#!/bin/sh
route add $1 gw 127.0.0.1
HTH
--
-Doc
Lincoln, NE.
http://www.genealogyforyou.com/
http://www.cairnproductions.com/
More information about the MailScanner
mailing list