Spam Attacks

Fri Sep 16 09:30:28 IST 2011

I second fail2ban...

With a bit of tweaking of the config script can get it to log (rate limited to prevent flooding) all of the dropped connections so you've a log of what goes on...

I only ban for 20 mins at the moment, but it seems amply long enough for them to get the hint and go away.

The script for log-rotation needs tweaking though to prevent it hanging at that point.

Jason

> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-
> bounces at lists.mailscanner.info] On Behalf Of Michael Huntley
> Sent: 15 September 2011 21:59
> To: MailScanner discussion
> Subject: Re: Spam Attacks
> 
> I use fail2ban and drop those suckers at the firewall after x number of
> rejections.  I have never failed to stop an attack.
> 
> michael huntley
> 
> On 9/15/2011 1:38 PM, Eli Wapniarski wrote:
> > Greylisting works great, but it still processes the mail. And
> > eventually, the bot will break through the timeout. So greylisting
> > only works so far with the slamming kind of attack and it will bring your
> server to a dead stop.
> >
> > I would seriously recommend great_pause for sendmail and postscreen
> > for postfix. I hope that their is an equivalent for qmail.... etc.
> > Seriously does a great job
> >
> > Eli
> >
> > On Thursday 15 September 2011 18:42:36 Sergio Rabellino wrote:
> >> [maybe OT]
> >> This summer i've got a better solution for sendmail greylisting :
> >> milter-greylist (http://hcpnet.free.fr/milter-greylist/).
> >> The 'too' old smf-grey do not work with ipv6 adresses !
> >> [end OT]
> >>
> >> Il 15/09/2011 16:45, Mogens Melander ha scritto:
> >>> Hi Guys
> >>>
> >>> sendmail + smfgray + mailscaner has served flawless for years.
> >>>
> >>> On Thu, September 15, 2011 07:28, Eli Wapniarski wrote:
> >>>> Hi
> >>>>
> >>>> I'm using good old fashioned sendmail as my mta.... It has a
> >>>> feature called "greet_pause" "Dunnno if qmail or postfix has this
> >>>> feature, but what this does is delay sending banners out for a
> >>>> specified amount of time (usually configured for between 1 -5
> >>>> seconds). If a spammer / slammer starts sending before the
> >>>> acknowledgement from sendmail, the connection is summarily
> dropped.
> >>>>
> >>>> Hope this helps all who have run into the slamming phenomenon.
> >>>>
> >>>> Eli
> >>>>
> >>>> On Tuesday 13 September 2011 13:36:44 Johan Hendriks wrote:
> >>>>>> Hi All,
> >>>>>> Thanks for your replies. As of today I've pointed 10 domains to a
> >>>>>> new gateway and here are some stats.
> >>>>>> http://dominion.blacknight.ie/~paul/postfix.txt
> >>>>>> It's a bit crazy.
> >>>>> [OT]
> >>>>> How do you get these stats.
> >>>>> [/OT]
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the website!