From owner-freebsd-isp  Mon Dec 14 11:01:21 1998
Return-Path: <owner-freebsd-isp@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id LAA26773
          for freebsd-isp-outgoing; Mon, 14 Dec 1998 11:01:21 -0800 (PST)
          (envelope-from owner-freebsd-isp@FreeBSD.ORG)
Received: from home.dragondata.com (home.dragondata.com [204.137.237.2])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id LAA26741
          for <freebsd-isp@FreeBSD.ORG>; Mon, 14 Dec 1998 11:01:17 -0800 (PST)
          (envelope-from toasty@home.dragondata.com)
Received: (from toasty@localhost)
	by home.dragondata.com (8.8.8/8.8.5) id NAA23537;
	Mon, 14 Dec 1998 13:00:39 -0600 (CST)
From: Kevin Day <toasty@home.dragondata.com>
Message-Id: <199812141900.NAA23537@home.dragondata.com>
Subject: Re: sendmail morons
In-Reply-To: <Pine.BSF.4.05.9812141052240.19642-100000@Rigel.orionsys.com> from David Babler at "Dec 14, 1998 10:56:23 am"
To: dbabler@Rigel.orionsys.com (David Babler)
Date: Mon, 14 Dec 1998 13:00:38 -0600 (CST)
Cc: freebsd-isp@FreeBSD.ORG
X-Mailer: ELM [version 2.4ME+ PL43 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> 
> 
> On Sun, 13 Dec 1998, Kevin Day wrote:
> 
> > 
> > Somehow, we're on some spam software's list of open relays, I think. We
> > aren't open to relaying, but people sure try. 
> > 
> > I'm guessing this is a bug in the software, but... when it can't relay, it
> > leaves the connection open, then goes and tries again, and again.....
> > 
> > root     14170  0.0  1.2   636  736  ??  I    11:47PM    0:00.02
>  sendmail: server guy78@van-wa1-17.ix.netcom.com [205.184.177.49] cmd read
>  (sendmail)
> 
> In addition to cutting down the delay time and blocking the IP range as
> others have suggested, this is coming from a Netcom dialup in Vancouver,
> Washington. There aren't all THAT many dialup ports there, so finding the
> clueless moron won't be difficult - call Netcom and report a network
> security problem and DoS (which this is) and have the bozo nuked.
> 
> -Dave
> 
> 

I've dropped down the timeouts, and I've blocked IP's... However... I must
be on some list somewhre, as we get 20-30 people a day doing this to us, all
from different dialups/providers.

I'm thinking about hacking sendmail to drop the connection after it says
'relay not permitted' so they don't hang on like this.

Kevin

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message