Re: [Exim] Blocking incessant relay testers with Exim 4

Author: Marc Perkel
Date:  
To: Dave C.
CC: Juha Saarinen, exim-users
Subject: Re: [Exim] Blocking incessant relay testers with Exim 4
--
Here's something I run on my Linux server to block IP addresses.

#!/bin/sh
#
# Firewall Rules - This section provides a front end to pre-filter
# traffic coming in.

# The idea is that this can filter hackers from known IP addresses
# and filter packets before they even attempt to talk to services

# --- Clear the Tables

iptables -v -F INPUT

# --- Filter Hackers

# The file /etc/ipblocked contains a list of IP addresses that are blocked
# on this system. These are IPs of people who have tried to hack us.

if [ -f /etc/ipblocked ]; then
   # Read one entry per line; quote it so iptables gets it as a single argument
   while read -r i; do
      [ -n "$i" ] && iptables -v -A INPUT -s "$i" -j DROP
   done < /etc/ipblocked
fi


ipblocked file looks like this:

147.32.109.5
200.61.75.149
217.10.192.19/24
193.85.2.87



Dave C. wrote:

>On Wed, 12 Jun 2002, Juha Saarinen wrote:
>
>>As any MTA operator will quickly notice, relay testing by spammers is a
>>common occurrence. Worse, many of the idiots doing the testing ignore the
>>"Relay not permitted" and carry on testing, over and over again.
>
>1. Contact the idiots' ISP and tell them they have spammers on their
>networks. Worse yet, they have DUMB spammers who are too stupid to
>realize their relays are failing.
>
>2. If it continues, get your router admin to put an IP level block in to
>prevent all traffic from the relevant IPs.
>
>>I'd like to deny SMTP connections to certain hosts and IP blocks, and was
>>wondering what is the best way of doing it with Exim 4. I can do it quite
>>easily with an ACL on the router, but would prefer to maintain a file with
>>host IP address and ranges for the MTA instead.
>
>You can reference such a file from within an ACL.
>
>>Thought host_reject_connection would be the way to go, initially, but
>>the Spec says it's better to reject at a later stage. What's the reasoning
>>for this?
>
>Some hosts are braindead and will keep trying over and over. Of course,
>some will keep trying regardless of where you reject.


--
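
As an added example that is not part of the original post: a variant of the /etc/ipblocked loader above that validates each entry and prints `iptables-restore` input for a dedicated chain, so the INPUT chain is never flushed. The chain name `BLOCKED` and the sample entries are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Chain name BLOCKED is an assumption.

# valid_entry ENTRY: succeed only for dotted-quad IPv4, optionally with /0-32.
valid_entry() {
    addr=${1%%/*}
    case $1 in
        */*) bits=${1#*/}
             case $bits in ''|*[!0-9]*|???*) return 1 ;; esac
             [ "$bits" -le 32 ] || return 1 ;;
    esac
    case $addr in ''|*[!0-9.]*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr   # split on dots; addr holds only digits and dots here
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# emit_ruleset FILE: print iptables-restore input that refills only the BLOCKED chain.
# '#' comments and blank lines are skipped; anything else invalid is reported on stderr.
emit_ruleset() {
    printf '%s\n' '*filter'
    printf '%s\n' ':BLOCKED - [0:0]'
    sed -e 's/#.*//' "$1" | while read -r entry rest || [ -n "$entry" ]; do
        [ -n "$entry" ] || continue
        if [ -z "$rest" ] && valid_entry "$entry"; then
            printf '%s\n' "-A BLOCKED -s $entry -j DROP"
        else
            echo "skipping invalid entry: $entry $rest" >&2
        fi
    done
    printf '%s\n' 'COMMIT'
}

# Constructed sample block list (documentation ranges, not real offenders).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# relay testers
192.0.2.15
198.51.100.0/24   # whole range
203.0.113.300
192.0.2.99 -j ACCEPT
EOF
emit_ruleset "$sample"
rm -f "$sample"
# Real use, as root: emit_ruleset /etc/ipblocked | iptables-restore --noflush
```

INPUT needs a single jump into the chain, added once: `iptables -C INPUT -j BLOCKED || iptables -I INPUT -j BLOCKED`. Hostnames are rejected on purpose, so loading the list never depends on DNS.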