Date: Sun, 10 Nov 2002 14:14:56 +0100
From: Gustaf Sjoberg
To: "W. D."
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: How to stop SPAMMER??!
Message-Id: <20021110141456.7bef6eeb.gs@vacfu.org>
In-Reply-To: <5.1.0.14.2.20021109235134.0484d270@us-webmasters.com>

On Sun, 10 Nov 2002 00:16:30 -0600
"W. D." wrote:

>At 21:17 11/9/2002, Jack L. Stone wrote:
>>At 03:04 AM 11.10.2002 +0100, Gustaf Sjoberg wrote:
>>>On Sat, 09 Nov 2002 15:13:09 -0600
>>>"W. D." wrote:
>>>
>>>either block incoming port 25 connections or set the smtp server to require
>>>authentication.
>>>
>>>ipfw entry could look something like:
>>>
>>>add deny log tcp from any to 25 in recv
>
>This would completely block SMTP wouldn't it?  I do have clients
>on this server using email.

yes it would, change it to:

add deny log tcp from to 25 in recv

>
>>>
>>>>Hi folks,
>>>>
>>>>I've got some bozo from:
>>>>
>>>>  SpaWeb1.spaelegance.com..auth
>>>>
>>>>doing all kinds of SMTP activity on my FreeBSD server.  Does anyone
>>>>know how to stop this?  What kind of entry would I add to ipfw?
>>>>
>>>>Does anyone know what vulnerability this might be?  How to stop
>>>>permanently?
>>>>
>>
>>Get the IP of the spammer if possible. I've had to use a total block like
>>this:
>>##### DENY INTRUDER through external interface
>>   #${fwcmd} add deny all from 66.000.00.000 to any via ${oif}
>
>Where is ${oif} defined?
>
>When I run a command like this it doesn't understand 'fwcmd'.
>
>usw2# {fwcmd} add deny log all from 168.93.100.59/16 to any in via ${oif}
>oif: Undefined variable.
>
>usw2# {fwcmd} add deny log all from 168.93.100.59/16 to any in via lo0
>fwcmd: Command not found.
>
>>
>>Reload the firewall rules....
>>
>>Best regards,
>>Jack L. Stone,
>>Administrator
>>
>>SageOne Net
>>http://www.sage-one.net
>>jackstone@sage-one.net
>
>Start Here to Find It Fast!© -> http://www.US-Webmasters.com/best-start-page/
>
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-questions" in the body of the message
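
The exchange above turns on two points: `${fwcmd}` and `${oif}` are shell variables of the kind /etc/rc.firewall defines, so they are empty at an interactive prompt, and the source field decides whether the rule drops one sender or all SMTP. The sketch below is an added example, not part of the original message or of FreeBSD's scripts; the interface name `fxp0`, the `DRY_RUN` switch, the helper function names and the `to any 25` destination are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): build the per-source SMTP deny rule
# with fwcmd and oif defined explicitly instead of relying on rc.firewall.
# Assumptions: fxp0, DRY_RUN and the function names are hypothetical.

fwcmd="${fwcmd:-/sbin/ipfw}"   # a firewall script sets this; a bare prompt does not
oif="${oif:-fxp0}"             # outside interface (constructed sample name)
DRY_RUN="${DRY_RUN:-1}"        # 1 = print the command only, 0 = run ipfw

# Accept a dotted-quad IPv4 address with an optional /prefix (0-32).
# Anything else, including the keyword "any", is rejected so the helper
# cannot recreate the rule that blocks SMTP for every client.
valid_src() {
    addr=${1%%/*}
    case "$1" in */*) bits=${1#*/} ;; *) bits=32 ;; esac
    case "$bits" in ''|*[!0-9]*) return 1 ;; esac
    [ "$bits" -le 32 ] || return 1
    case "$addr" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr               # split the address into its octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the rule body: drop and log inbound TCP to port 25 from one source,
# leaving port 25 reachable for everyone else.
smtp_block_rule() {
    valid_src "$1" || { echo "bad source address: $1" >&2; return 1; }
    echo "add deny log tcp from $1 to any 25 in recv $oif"
}

# Print the full command in dry-run mode, otherwise hand it to ipfw.
apply_rule() {
    rule=$(smtp_block_rule "$1") || return 1
    if [ "$DRY_RUN" = 1 ]; then
        echo "$fwcmd $rule"
    else
        $fwcmd $rule
    fi
}
```

Sourcing the file and running `apply_rule 192.0.2.10` prints the command for review; a prefix such as `/16` is accepted as given, so it covers the whole network it names rather than a single host.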