Date: Sun, 10 Nov 2002 14:14:56 +0100 From: Gustaf Sjoberg <gs@vacfu.org> To: "W. D." <WD@US-Webmasters.com> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: How to stop SPAMMER??! Message-ID: <20021110141456.7bef6eeb.gs@vacfu.org> In-Reply-To: <5.1.0.14.2.20021109235134.0484d270@us-webmasters.com> References: <20021110030443.1b0577ad.gs@vacfu.org> <5.1.0.14.2.20021109150436.069a4d50@us-webmasters.com> <5.1.0.14.2.20021109150436.069a4d50@us-webmasters.com> <5.1.0.14.2.20021109235134.0484d270@us-webmasters.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, 10 Nov 2002 00:16:30 -0600
"W. D." <WD@US-Webmasters.com> wrote:
>At 21:17 11/9/2002, Jack L. Stone wrote:
>>At 03:04 AM 11.10.2002 +0100, Gustaf Sjoberg wrote:
>>>On Sat, 09 Nov 2002 15:13:09 -0600
>>>"W. D." <WD@US-Webmasters.com> wrote:
>>>
>>>either block incomming port 25 connections or set the smtserver to require
>>authentication.
>>>
>>>ipfw entry could look something like:
>>>
>>>add <rule#> deny log tcp from any to <yourip> 25 in recv <interface>
>
>This would completely block SMTP wouldn't it? I do have clients
>on this server using email.
yes it would, change it to:
add <rule#> deny log tcp from <spammersip> to <yourip> 25 in recv <interface>
>
>
>
>
>>>
>>>>Hi folks,
>>>>
>>>>I've got some bozo from:
>>>>
>>>> SpaWeb1.spaelegance.com..auth
>>>>
>>>>doing all kinds of SMTP activity on my FreeBSD server. Does anyone
>>>>know how to stop this? What kind of entry would I add to ipfw?
>>>>
>>>>Does anyone know what vulnerability this might be? How to stop
>>>>permanently?
>>>>
>>
>>Get the IP of the spammer if possible. I've had to use a total block like
>>this:
>>##### DENY INTRUDER through external interface
>> #${fwcmd} add deny all from 66.000.00.000 to any via ${oif}
>
>Where is ${oif} defined?
>
>When I run a command like this it doesn't understand 'fwcmd'.
>
>usw2# {fwcmd} add deny log all from 168.93.100.59/16 to any in via ${oif}
>oif: Undefined variable.
>
>usw2# {fwcmd} add deny log all from 168.93.100.59/16 to any in via lo0
>fwcmd: Command not found.
>
>>
>>Reload the firewall rules....
>>
>>Best regards,
>>Jack L. Stone,
>>Administrator
>>
>>SageOne Net
>>http://www.sage-one.net
>>jackstone@sage-one.net
>
>Start Here to Find It Fast!© -> http://www.US-Webmasters.com/best-start-page/
>
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-questions" in the body of the message
>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20021110141456.7bef6eeb.gs>