Getting pounded .. sigh

Jeff A. Earickson jaearick at colby.edu
Mon May 22 18:22:53 IST 2006 

Or if you are a Solaris user with ipfilter installed, try:

block in quick on ce0 proto tcp from 193.252.22.0/24 to any port = 25

in your ipf.conf file.  Substitute your appropriate network interface
for "ce0".

Jeff Earickson
Colby College

On Mon, 22 May 2006, Dave Strydom wrote:

> Date: Mon, 22 May 2006 19:11:11 +0200
> From: Dave Strydom <strydom.dave at gmail.com>
> Reply-To: MailScanner discussion <mailscanner at lists.mailscanner.info>
> To: MailScanner discussion <mailscanner at lists.mailscanner.info>
> Subject: Re: Getting pounded .. sigh
> 
> iptables -A INPUT -s 193.252.22.157 -j DROP
> iptables -A INPUT -s 193.252.22.158 -j DROP
>
> problem solved.
>
> Regards
> Dave
>
> On 5/22/06, Rob Poe <rpoe at plattesheriff.org> wrote:
>> My mail server is getting POUNDED from
>> 193.252.22.157
>> 193.252.22.158
>> 
>> Which is smtp1.wanadoo.co.uk  and smtp2.wanadoo.co.uk
>> 
>> I blacklisted the whole 193.252.22.x
>> 
>> They're targeting my list server, and SpamAssassin is grabbing them
>> (along with the fact that the list server is membership only!!)
>> 
>> but I'm getting one every 5-10 seconds!!
>> 
>> grep 193.252.22 /var/log/maillog | wc
>>    1863   62955  710320
>> 
>> May 22 11:49:02 mail sendmail[30768]: ruleset=check_relay,
>> arg1=smtp2.wanadoo.co.uk, arg2=193.252.22.157, relay=smtp2.wanadoo.co.uk
>> [193.252.22.157], reject=583 5.0.0 Get lost..
>> May 22 11:49:07 mail sendmail[30769]: ruleset=check_relay,
>> arg1=smtp2.wanadoo.co.uk, arg2=193.252.22.157, relay=smtp2.wanadoo.co.uk
>> [193.252.22.157], reject=583 5.0.0 Get lost..
>> May 22 11:49:13 mail sendmail[30770]: ruleset=check_relay,
>> arg1=smtp2.wanadoo.co.uk, arg2=193.252.22.157, relay=smtp2.wanadoo.co.uk
>> [193.252.22.157], reject=583 5.0.0 Get lost..
>> May 22 11:49:27 mail sendmail[30774]: ruleset=check_relay,
>> arg1=smtp2.wanadoo.co.uk, arg2=193.252.22.157, relay=smtp2.wanadoo.co.uk
>> [193.252.22.157], reject=583 5.0.0 Get lost..
>> May 22 11:49:29 mail sendmail[30775]: ruleset=check_relay,
>> arg1=smtp2.wanadoo.co.uk, arg2=193.252.22.157, relay=smtp2.wanadoo.co.uk
>> [193.252.22.157], reject=583 5.0.0 Get lost..
>> May 22 11:49:41 mail sendmail[30777]: ruleset=check_relay,
>> arg1=smtp2.wanadoo.co.uk, arg2=193.252.22.157, relay=smtp2.wanadoo.co.uk
>> [193.252.22.157], reject=583 5.0.0 Get lost..
>> 
>> --
>> MailScanner mailing list
>> mailscanner at lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>> 
>> Before posting, read http://wiki.mailscanner.info/posting
>> 
>> Support MailScanner development - buy the book off the website!
>> 
> -- 
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list