From owner-freebsd-questions Sat Nov 9 19:17:56 2002 Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1EA2A37B401 for ; Sat, 9 Nov 2002 19:17:55 -0800 (PST) Received: from sage-one.net (adsl-65-71-135-137.dsl.crchtx.swbell.net [65.71.135.137]) by mx1.FreeBSD.org (Postfix) with ESMTP id 259C043E42 for ; Sat, 9 Nov 2002 19:17:54 -0800 (PST) (envelope-from jackstone@sage-one.net) Received: from sagea (sagea [192.168.0.3]) by sage-one.net (8.11.6/8.11.6) with SMTP id gAA3HfD62914; Sat, 9 Nov 2002 21:17:41 -0600 (CST) (envelope-from jackstone@sage-one.net) Message-Id: <3.0.5.32.20021109211740.011f73b8@mail.sage-one.net> X-Sender: jackstone@mail.sage-one.net X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.5 (32) Date: Sat, 09 Nov 2002 21:17:40 -0600 To: Gustaf Sjoberg , "W. D." From: "Jack L. Stone" Subject: Re: How to stop SPAMMER??! Cc: freebsd-questions@FreeBSD.ORG In-Reply-To: <20021110030443.1b0577ad.gs@vacfu.org> References: <5.1.0.14.2.20021109150436.069a4d50@us-webmasters.com> <5.1.0.14.2.20021109150436.069a4d50@us-webmasters.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG At 03:04 AM 11.10.2002 +0100, Gustaf Sjoberg wrote: >On Sat, 09 Nov 2002 15:13:09 -0600 >"W. D." wrote: > >either block incomming port 25 connections or set the smtserver to require authentication. > >ipfw entry could look something like: > >add deny log tcp from any to 25 in recv > >>Hi folks, >> >>I've got some bozo from: >> >> SpaWeb1.spaelegance.com..auth >> >>doing all kinds of SMTP activity on my FreeBSD server. Does anyone >>know how to stop this? What kind of entry would I add to ipfw? >> >>Does anyone know what vulnerability this might be? How to stop >>permanently? >> Get the IP of the spammer if possible. I've had to use a total block like this: ##### DENY INTRUDER through external interface #${fwcmd} add deny all from 66.000.00.000 to any via ${oif} Reload the firewall rules.... Best regards, Jack L. Stone, Administrator SageOne Net http://www.sage-one.net jackstone@sage-one.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message