[BlueOnyx:01643] Re: Slammed with Spammer

Larry Smith lesmith at ecsis.net
Sat Jul 11 13:26:23 -05 2009


I use "route add -host x.y.z.k reject" to tell the box to stop talking
to an IP.  You can also use iptables with
"iptables -A INPUT --source x.y.z.k -j DROP", replacing the x.y.z.k
above with the desired IP address to block.

-- 
Larry Smith
lesmith at ecsis.net

On Sat July 11 2009 13:12, Paul wrote:
> I'm getting similar issues :(... here's a cat of the sendmail log...
>
> Jul 11 19:04:21 www sendmail[10386]: AUTH=server,
> relay=p50988f93.dip0.t-ipconnect.de [80.152.143.147], authid=info,
> mech=LOGIN, bits=0
> Jul 11 19:05:06 www sendmail[10534]: AUTH=server,
> relay=p50988f93.dip0.t-ipconnect.de [80.152.143.147], authid=info,
> mech=LOGIN, bits=0
> Jul 11 19:05:45 www sendmail[10797]: AUTH=server,
> relay=p50988f93.dip0.t-ipconnect.de [80.152.143.147], authid=info,
> mech=LOGIN, bits=0
> Jul 11 19:07:08 www sendmail[10816]: AUTH=server,
> relay=p50988f93.dip0.t-ipconnect.de [80.152.143.147], authid=info,
> mech=LOGIN, bits=0
> Jul 11 19:07:46 www sendmail[10847]: AUTH=server,
> relay=p50988f93.dip0.t-ipconnect.de [80.152.143.147], authid=info,
> mech=LOGIN, bits=0
>
>
> [root at www mqueue]# cat /var/log/maillog | grep  ogin | grep 80.152.143.147
> <no output>
>
> Please could someone tell me the easiest way to block this IP from
> connecting to the box....
>
> Thanks
> Paul
>
> Ken Marcus - Precision Web Hosting, Inc. wrote:
> > ----- Original Message -----
> > From: "Steve Davis" <steve at zio.com>
> > To: <blueonyx at blueonyx.it>
> > Sent: Saturday, June 27, 2009 10:04 AM
> > Subject: [BlueOnyx:01513] Slammed with Spammer
> >
> >> Having an issue with an old enemy on a new BO box.
> >>
> >> net.tw,
> >> gov.tw
> >> org.tw
> >> net.tw
> >> com.tw
> >>
> >> take your pick.
> >>
> >> Somehow, they must know one of the emails userid and password on the
> >> box and are sending 4000 - 5000 spams per hour into my mail queue.
> >>
> >> I have turned off PopBeforeSMTP, so probably not sending email out.
> >> Probably.
> >>
> >> How do I tell which account is being used to connect?
> >>
> >> Any other suggestion of course is always appreciated.
> >>
> >> Steve
> >
> > Look carefully at one of the spam mail files in /var/spool/mqueue.
> > You will either see the username or at least the IP.
> >
> > If you know the IP, then just check the mail log for a login with that
> > IP. E.g., if the IP was 123.456.789.10 then
> >
> > cat /var/log/maillog | grep  ogin | grep   123.456.789.10
> >
> >
> >
> > ----
> > Ken Marcus
> > Ecommerce Web Hosting by
> > Precision Web Hosting, Inc.
> > http://www.precisionweb.net
> >
> >
> >
> > _______________________________________________
> > Blueonyx mailing list
> > Blueonyx at blueonyx.it
> > http://www.blueonyx.it/mailman/listinfo/blueonyx
>
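
Added example, not part of the original thread: a shell sketch that addresses both questions raised above (which account is being used, and which IP to block) by tallying sendmail AUTH=server lines per relay IP and authid, then printing, without running, the iptables rule quoted in the reply. The function names and the 192.0.2.10 / alice log line are constructed; the other sample lines are the ones Paul posted, rejoined onto one line each as syslog writes them.

```sh
#!/bin/sh
# Tally sendmail SMTP AUTH successes per source IP and account (authid).
# Note: the thread's "grep ogin" is case-sensitive, so it never matches
# "mech=LOGIN"; match on AUTH=server (or use grep -i) instead.

# Sample input: Paul's five lines rejoined, plus one constructed line.
sample_log() {
cat <<'EOF'
Jul 11 19:04:21 www sendmail[10386]: AUTH=server, relay=p50988f93.dip0.t-ipconnect.de [80.152.143.147], authid=info, mech=LOGIN, bits=0
Jul 11 19:05:06 www sendmail[10534]: AUTH=server, relay=p50988f93.dip0.t-ipconnect.de [80.152.143.147], authid=info, mech=LOGIN, bits=0
Jul 11 19:05:45 www sendmail[10797]: AUTH=server, relay=p50988f93.dip0.t-ipconnect.de [80.152.143.147], authid=info, mech=LOGIN, bits=0
Jul 11 19:06:02 www sendmail[10801]: AUTH=server, relay=mail.example.net [192.0.2.10], authid=alice, mech=PLAIN, bits=0
Jul 11 19:07:08 www sendmail[10816]: AUTH=server, relay=p50988f93.dip0.t-ipconnect.de [80.152.143.147], authid=info, mech=LOGIN, bits=0
Jul 11 19:07:46 www sendmail[10847]: AUTH=server, relay=p50988f93.dip0.t-ipconnect.de [80.152.143.147], authid=info, mech=LOGIN, bits=0
EOF
}

# Print "count ip authid" for each AUTH=server line on stdin, busiest first.
auth_summary() {
    awk '/sendmail\[[0-9]+\]:.*AUTH=server/ {
        ip = ""; id = ""
        # The dotted quad in brackets is the relay IP (the PID has no dots).
        if (match($0, /\[[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\]/))
            ip = substr($0, RSTART + 1, RLENGTH - 2)
        # authid= is 7 characters; the value runs up to the next comma.
        if (match($0, /authid=[^, ]+/))
            id = substr($0, RSTART + 7, RLENGTH - 7)
        if (ip != "" && id != "") n[ip " " id]++
    }
    END { for (k in n) print n[k], k }' | sort -rn
}

# Print (do not run) one DROP rule per IP with at least $1 authentications.
block_rules() {
    auth_summary | awk -v min="$1" '$1 >= min && !seen[$2]++ {
        print "iptables -A INPUT --source " $2 " -j DROP" }'
}

sample_log | auth_summary
sample_log | block_rules 3
```

On a live box, feed /var/log/maillog to auth_summary instead of sample_log. The authid column names the account whose password needs changing; dropping the IP alone leaves that credential usable from other addresses.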