Author: William Thompson
Date:
To: Suresh Ramasubramanian
CC: exim-users
Subject: Re: [Exim] People thinking port 25 is a web server
> >Is there an easy way to immediately drop people from doing this:
> >2003-03-08 07:33:53 SMTP syntax error in "POST / HTTP/1.0"
> >H=[199.243.131.42]: unrecognized command
> >2003-03-08 07:33:53 SMTP syntax error in "Via: 1.0 TANGO"
> >H=[199.243.131.42]: unrecognized command
> >2003-03-08 07:33:53 SMTP syntax error in "Host: 216.98.66.34:25"
> >H=[199.243.131.42]: unrecognized command
>
> You are seeing spam from open proxies.
As I figured.
> Easier way to do it - reactive, shall we say - Find lines like this from
> your logs and -
>
> 1. Drop them into your local blocklist
I generally do.
> 2. Submit them to an open proxy blocklist like socks.relays.osirusoft.com
> etc.
>
> 3. Use one or more of these.
I thought personally it'd be an interesting idea to give them a 5xx code and
drop connection when they use POST. Save on log space and I could also have
a program to scan the logs for this and drop them into a blacklist. I've
seen 3.35's smtp code, doesn't look too difficult to add this capability.
I've not seen 4.x yet.
I've never seen this on my home system, but many times at work.
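
The log-scanning program mentioned in the message could look like the following. This is an added example, not part of the original message and not Exim code. It assumes each log entry sits on one line in the format quoted above, and it goes slightly beyond POST by matching any HTTP request line; the function names and the 192.0.2.x sample entries are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample modelled on the quoted log lines, one entry per line.
# The 192.0.2.x addresses are documentation addresses, not hosts from the message.
SAMPLE_LOG = """\
2003-03-08 07:33:53 SMTP syntax error in "POST / HTTP/1.0" H=[199.243.131.42]: unrecognized command
2003-03-08 07:33:53 SMTP syntax error in "Via: 1.0 TANGO" H=[199.243.131.42]: unrecognized command
2003-03-08 07:33:53 SMTP syntax error in "Host: 216.98.66.34:25" H=[199.243.131.42]: unrecognized command
2003-03-08 09:10:02 SMTP syntax error in "HELP ME" H=[192.0.2.7]: unrecognized command
2003-03-08 09:12:40 SMTP syntax error in "POST / HTTP/1.0" H=[192.0.2.8]: x" H=[192.0.2.9]: unrecognized command
2003-03-08 09:15:11 SMTP syntax error in "GET http://192.0.2.1/ HTTP/1.1" H=[192.0.2.10]: unrecognized command
"""

# The entry is anchored at end of line, so the address always comes from the
# trailing H=[...] field; the quoted command is client-supplied text and may
# contain something that merely looks like that field.
ENTRY = re.compile(r'SMTP syntax error in "(.*)" H=[^\[]*\[([^\]]+)\]: unrecognized command$')
# A complete HTTP request line: method, target, version, nothing else.
HTTP_REQUEST = re.compile(r'(?:GET|POST|HEAD|PUT|CONNECT|OPTIONS) \S+ HTTP/\d\.\d')


def http_clients(log_text):
    """Count HTTP request lines sent to the SMTP port, keyed by client address."""
    hits = Counter()
    for line in log_text.splitlines():
        m = ENTRY.search(line.rstrip())
        if not m or not HTTP_REQUEST.fullmatch(m.group(1)):
            continue  # ordinary typo, stray header line, or malformed entry
        try:
            addr = ipaddress.ip_address(m.group(2))
        except ValueError:
            continue  # not an IP literal: never write it to a blocklist
        hits[str(addr)] += 1
    return hits


def blocklist(log_text, allow=()):
    """Sorted offending addresses, minus hosts that must never be blocked."""
    allowed = set(allow)
    return sorted(a for a in http_clients(log_text) if a not in allowed)


if __name__ == "__main__":
    print("\n".join(blocklist(SAMPLE_LOG)))
```

Only the request line itself is counted, so the `Via:` and `Host:` header lines from the same connection do not inflate the tally, and a plain mistyped SMTP command does not list a host.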