From owner-freebsd-security  Tue Sep 21 12:40:28 1999
Delivered-To: freebsd-security@freebsd.org
Received: from granite.sentex.net (granite.sentex.ca [199.212.134.1])
	by hub.freebsd.org (Postfix) with ESMTP id 96E921607B
	for <security@FreeBSD.ORG>; Tue, 21 Sep 1999 12:40:26 -0700 (PDT)
	(envelope-from mike@sentex.net)
Received: from simoeon (simeon.sentex.ca [209.112.4.47]) by granite.sentex.net (8.8.8/8.6.9) with SMTP id PAA11328; Tue, 21 Sep 1999 15:40:24 -0400 (EDT)
Message-Id: <3.0.5.32.19990921153905.01499100@staff.sentex.ca>
X-Sender: mdtpop@staff.sentex.ca
X-Mailer: QUALCOMM Windows Eudora Light Version 3.0.5 (32)
Date: Tue, 21 Sep 1999 15:39:05 -0400
To: "Mr. K." <bsd@a.servers.aozilla.com>
From: Mike Tancsa <mike@sentex.net>
Subject: Sendmail blocking of spammers (was Re: hackers?)
Cc: security@FreeBSD.ORG
In-Reply-To: <Pine.BSF.4.10.9909211518030.3358-100000@inbox.org>
References: <3.0.5.32.19990921145047.013e24b0@staff.sentex.ca>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>I think I figured out what is happening.  The relaying is indeed getting
>denied, but unfortunately some of the spammers software is waiting blindly
>for a positive response (and thus keeping a connection until they time
>out).  My choices seem to be ipfw (which I don't want to do as I don't
>want to block all aol users), or somehow getting sendmail to disconnect on
>a "relaying denied" (instead of sitting there until they timeout).  I
>can't figure out how to do the latter (doesn't seem to be possible).  And
>of course calling AOL and bitching, at least that will feel good if I can
>get a bunch of these spammers booted.

You have another option. If you have tcp_wrappers installed (its installed
in all 3.[2|3] versions by default), you can deny by sub domain.  The
spammers are coming from *.ipt.aol.com.  Block from that subdomain on.  AOL
for its mail exchangers are all of the form xx.mx.aol.com, not ipt.aol.com
e.g.
aol.com preference = 15, mail exchanger = zd.mx.aol.com

	---Mike

------------------------------------------------------------------------
Mike Tancsa,                          	          tel 01.519.651.3400
Network Administrator,     			  mike@sentex.net
Sentex Communications                 		  www.sentex.net
Cambridge, Ontario Canada


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message