Re: [Exim] Columbian Spammer

Author: will
Date:  
To: exim-users
Subject: Re: [Exim] Columbian Spammer
Wakko Warner wrote:
>>I saw this with a customer's server a couple of years ago. We put in
>>iptables rules to drop the packets for connections from their IP range
>>(they seemed to use a few IPs assigned to a Brazilian ISP) to port 25.
>> They continued to attempt to make connections for months despite this.
>> Obviously an automated attack.
>
> How did you set up the rule? Did you just drop the packet or did you return
> tcp reset?


It was about 2 lines of IPTables in a 'firewall' script started with the
init scripts. I just used '-j DROP', no point in politely informing the
spammer's program that the connection had failed and that it should retry ;-)

The effect was that whatever program was making the connections must
have been sitting there waiting for a response from the server which
never came, and would have eventually timed out.

Will.