Author: will
Date:
To: exim-users
Subject: Re: [Exim] Columbian Spammer
Wakko Warner wrote:
>>I saw this with a customer's server a couple of years ago. We put in
>>iptables rules to drop the packets for connections from their IP range
>>(they seemed to use a few IPs assigned to a Brazilian ISP) to port 25.
>> They continued to attempt to make connections for months despite this.
>> Obviously an automated attack.
>
> How did you set up the rule? Did you just drop the packet or did you return
> tcp reset?
It was about 2 lines of IPTables in a 'firewall' script started with the
init scripts. I just used '-j DROP', no point in politely informing the
spammer's program that the connection had failed and that it should retry ;-)
The effect was that whatever program was making the connections must
have been sitting there waiting for a response from the server which
never came, and would have eventually timed out.
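
The two options discussed in this thread (silent drop versus TCP reset), as an added example that is not part of the original post or the poster's firewall script. The function name `smtp_block_rules` is hypothetical and the source ranges are constructed documentation addresses; the function only prints the `iptables` commands so they can be reviewed before being run as root.

```shell
#!/bin/sh
# Added example: print (do not execute) iptables rules that block inbound
# SMTP from given IPv4 sources, using either a silent drop or a TCP reset.
# 192.0.2.0/24 and 198.51.100.7 are constructed placeholder sources.

smtp_block_rules() {
    mode=$1
    shift
    case $mode in
        # DROP: the SYN is discarded silently; the client retransmits and
        # waits until its own connect timeout expires.
        drop)  target='-j DROP' ;;
        # REJECT with tcp-reset: the client receives an RST and fails at once.
        reset) target='-j REJECT --reject-with tcp-reset' ;;
        *) echo "usage: smtp_block_rules drop|reset SOURCE..." >&2; return 2 ;;
    esac
    [ "$#" -gt 0 ] || { echo "no source ranges given" >&2; return 2; }
    for src in "$@"; do
        # Accept only dotted-quad IPv4 with an optional /0-32 prefix, so
        # nothing unexpected ends up inside a generated command line.
        if ! printf '%s\n' "$src" | grep -Eq \
            '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$'; then
            echo "skipping invalid source: $src" >&2
            continue
        fi
        echo "iptables -A INPUT -p tcp -s $src --dport 25 $target"
    done
}

# Demonstration with the constructed sources: one rule per source and mode.
smtp_block_rules drop  192.0.2.0/24 198.51.100.7
smtp_block_rules reset 192.0.2.0/24
```
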