Getting pounded .. sigh

Dave Strydom strydom.dave at gmail.com
Mon May 22 18:15:29 IST 2006


Hi Doc,

Doesn't that just create more load/traffic since your machine still
has to accept the TCP connection, take in the data, and then route it
to 127.0.0.1, whereas an iptables DROP just ignores the packets
completely?

Dave

On 5/22/06, Doc Schneider <doc at maddoc.net> wrote:
> Rob Poe wrote:
> > My mail server is getting POUNDED from
> > 193.252.22.157
> > 193.252.22.158
> >
> > Which is smtp1.wanadoo.co.uk  and smtp2.wanadoo.co.uk
> >
> > I blacklisted the whole 193.252.22.x
> >
> > They're targeting my list server, and SpamAssassin is grabbing them
> > (along with the fact that the list server is membership only!!)
> >
> > but I'm getting one every 5-10 seconds!!
> >
> > grep 193.252.22 /var/log/maillog | wc
> >    1863   62955  710320
> >
> > May 22 11:49:02 mail sendmail[30768]: ruleset=check_relay,
> > arg1=smtp2.wanadoo.co.uk, arg2=193.252.22.157, relay=smtp2.wanadoo.co.uk
> > [193.252.22.157], reject=583 5.0.0 Get lost..
> > May 22 11:49:07 mail sendmail[30769]: ruleset=check_relay,
> > arg1=smtp2.wanadoo.co.uk, arg2=193.252.22.157, relay=smtp2.wanadoo.co.uk
> > [193.252.22.157], reject=583 5.0.0 Get lost..
> > May 22 11:49:13 mail sendmail[30770]: ruleset=check_relay,
> > arg1=smtp2.wanadoo.co.uk, arg2=193.252.22.157, relay=smtp2.wanadoo.co.uk
> > [193.252.22.157], reject=583 5.0.0 Get lost..
> > May 22 11:49:27 mail sendmail[30774]: ruleset=check_relay,
> > arg1=smtp2.wanadoo.co.uk, arg2=193.252.22.157, relay=smtp2.wanadoo.co.uk
> > [193.252.22.157], reject=583 5.0.0 Get lost..
> > May 22 11:49:29 mail sendmail[30775]: ruleset=check_relay,
> > arg1=smtp2.wanadoo.co.uk, arg2=193.252.22.157, relay=smtp2.wanadoo.co.uk
> > [193.252.22.157], reject=583 5.0.0 Get lost..
> > May 22 11:49:41 mail sendmail[30777]: ruleset=check_relay,
> > arg1=smtp2.wanadoo.co.uk, arg2=193.252.22.157, relay=smtp2.wanadoo.co.uk
> > [193.252.22.157], reject=583 5.0.0 Get lost..
> >
>
> I use this little script I wrote for these unruly pecker attacks.
>
> Use it like this
>
> ./banit.sh 193.252.22.157
>
> cat banit.sh
> #!/bin/sh
> # Add a route for the address given as $1 via the loopback gateway.
> route add "$1" gw 127.0.0.1
>
> HTH
> --
> -Doc
> Lincoln, NE.
> http://www.genealogyforyou.com/
> http://www.cairnproductions.com/
>


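An added example, not part of the original thread: the `grep ... | wc` count above, broken down per source address from the `check_relay` reject entries, with the iptables DROP rule mentioned in the reply printed (not executed) for each address at or over a threshold. The log lines are constructed in the format quoted in the thread; the function names, the threshold of 3, and the port 25 rule are assumptions.

```shell
#!/bin/sh
# Added example: count sendmail check_relay rejects per source and print
# (never run) a DROP rule for each source at or over a threshold.

# Constructed sample, one entry per line as in /var/log/maillog.
sample_log() {
cat <<'EOF'
May 22 11:49:02 mail sendmail[30768]: ruleset=check_relay, arg1=smtp2.wanadoo.co.uk, arg2=193.252.22.157, relay=smtp2.wanadoo.co.uk [193.252.22.157], reject=583 5.0.0 Get lost..
May 22 11:49:07 mail sendmail[30769]: ruleset=check_relay, arg1=smtp2.wanadoo.co.uk, arg2=193.252.22.157, relay=smtp2.wanadoo.co.uk [193.252.22.157], reject=583 5.0.0 Get lost..
May 22 11:49:10 mail sendmail[30771]: ruleset=check_relay, arg1=smtp1.wanadoo.co.uk, arg2=193.252.22.158, relay=smtp1.wanadoo.co.uk [193.252.22.158], reject=583 5.0.0 Get lost..
May 22 11:49:13 mail sendmail[30770]: ruleset=check_relay, arg1=smtp2.wanadoo.co.uk, arg2=193.252.22.157, relay=smtp2.wanadoo.co.uk [193.252.22.157], reject=583 5.0.0 Get lost..
May 22 11:49:20 mail sendmail[30772]: k4MGnK30772: from=<a@example.com>, size=1024, relay=mail.example.com [192.0.2.10]
May 22 11:49:25 mail sendmail[30773]: ruleset=check_relay, arg1=host.example.net, arg2=IPv6:2001:db8::1, relay=host.example.net [IPv6:2001:db8::1], reject=583 5.0.0 Get lost..
EOF
}

# reject_counts MIN: read maillog lines on stdin, print "count ip" for every
# IPv4 source with at least MIN check_relay rejects, busiest first.
reject_counts() {
    awk -v min="$1" '
        /ruleset=check_relay/ && /reject=/ {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^arg2=/) {
                    ip = $i
                    sub(/^arg2=/, "", ip); sub(/,$/, "", ip)
                    # Digits and dots only: nothing else from the log can
                    # reach the printed command (IPv6 entries are skipped).
                    if (ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) n[ip]++
                }
        }
        END { for (ip in n) if (n[ip] >= min) print n[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# block_cmds: turn "count ip" lines into DROP rules for inbound SMTP.
# The rules are only printed, so they can be reviewed before use.
block_cmds() {
    while read -r count ip; do
        echo "iptables -I INPUT -s $ip -p tcp --dport 25 -j DROP"
    done
}

sample_log | reject_counts 3 | block_cmds
```

On a live system, feed `/var/log/maillog` to `reject_counts` in place of `sample_log`.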