re; stopping spam attacks
2003-05-20 - By Jon Miller
I would like to know how to prevent this sort of mail bombing from happening:

May 21 00:47:16 rhfs1 postfix/smtp[12132]: connect to mx3.compuserve.com[149.174.40.5]: Connection refused (port 25)
May 21 00:47:17 rhfs1 postfix/smtp[12132]: connect to mx3.compuserve.com[149.174.40.6]: Connection refused (port 25)
May 21 00:47:17 rhfs1 postfix/smtp[12151]: BF5DF14AB8E: to=<thrasherca@(protected)>, relay=mailin-04.mx.aol.com[64.12.138.152], delay=5, status=sent (250 OK)
May 21 00:47:17 rhfs1 postfix/smtp[12132]: connect to mx1.compuserve.com[149.174.40.4]: Connection refused (port 25)
May 21 00:47:17 rhfs1 postfix/smtp[12110]: connect to mx1.mail.lycos.com[209.202.220.135]: Connection timed out (port 25)
May 21 00:47:17 rhfs1 postfix/smtp[12132]: connect to mx1.compuserve.com[149.174.40.134]: Connection refused (port 25)
May 21 00:47:18 rhfs1 postfix/smtpd[12244]: connect from rhfs1[192.168.1.10]
May 21 00:47:18 rhfs1 postfix/smtpd[12244]: 42D8E14AB8E: client=rhfs1[192.168.1.10]
May 21 00:47:18 rhfs1 postfix/cleanup[12245]: 42D8E14AB8E: message-id=<20030520164718.42D8E14AB8E@(protected)>
May 21 00:47:18 rhfs1 postfix/nqmgr[11365]: 42D8E14AB8E: from=<Greene@(protected)>, size=2422, nrcpt=1 (queue active)
May 21 00:49:42 rhfs1 postfix/nqmgr[11365]: F316E14ABE6: from=<>, size=4166, nrcpt=1 (queue active)
May 21 00:49:46 rhfs1 postfix/smtp[12110]: F316E14ABE6: to=<Gilbert@(protected)>, relay=mx1.mail.yahoo.com[64.156.215.6], delay=5, status=bounced (host mx1.mail.yahoo.com[64.156.215.6] said: 553 VS10-RT Possible forgery or deactivated due to abuse (#5.1.1))
May 21 00:49:47 rhfs1 postfix/smtp[12153]: 0841D14ABE4: to=<lsfp@(protected)>, relay=pbimailc.prodigy.net[207.115.63.107], delay=10, status=bounced (host pbimailc.prodigy.net[207.115.63.107] said: 553 5.3.0 DNSBL:You are listed at relays.osirusoft.com)
May 21 00:49:47 rhfs1 postfix/cleanup[12245]: 71A9714ABE5: message-id=<20030520164947.71A9714ABE5@(protected)>
May 21 00:49:47 rhfs1 postfix/nqmgr[11365]: 71A9714ABE5: from=<>, size=4147, nrcpt=1 (queue active)
May 21 00:49:48 rhfs1 postfix/smtp[12132]: 71A9714ABE5: to=<Gatchali@(protected)>, relay=mx2.mail.yahoo.com[64.157.4.78], delay=1, status=bounced (host mx2.mail.yahoo.com[64.157.4.78] said: 553 VS10-RT Possible forgery or deactivated due to abuse (#5.1.1))
May 21 00:49:49 rhfs1 postfix/smtp[12136]: DCA7C14ABDD: to=<101770.1366@(protected)>, relay=mx1.compuserve.com[149.174.40.4], delay=88, status=sent (250 2.0.0 h4KGsvhV000740 Message accepted for delivery)
Currently using rhl7.3 with postfix-1.1.7-2. This is a printout of the port scan I did on the server using nmap
(The 1534 ports scanned but not shown below are in state: closed)
Port       State       Service
22/tcp     open        ssh
25/tcp     open        smtp
53/tcp     open        domain
110/tcp    open        pop-3
6000/tcp   filtered    X11      <- would like to not see these ports below as "filtered ports". Prefer not to see them at all.
12345/tcp  filtered    NetBus   <- Is this possible?
12346/tcp  filtered    NetBus
31337/tcp  filtered    Elite
/etc/postfix/master.cf (snipped)
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (50)
# ==========================================================================
#smtp     inet  n       -       y       -       -       smtpd
2500      inet  n       -       n       -       -       smtpd   <- used for Sophos MailMonitor
Thanks
Jon L. Miller, MCNE, CNS
Director/Sr Systems Consultant
MMT Networks Pty Ltd
http://www.mmtnetworks.com.au
"I don't know the key to success, but the key to failure is trying to please everybody." -Bill Cosby
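A triage pass over logs in the format posted above, as an added example that is not part of the original post: it groups entries by queue ID and counts null-sender (from=<>) messages, bounces, remote rejections that mention a DNSBL, and which clients submitted the mail. The sample log is constructed (placeholder hosts and queue IDs), and the name `summarize` is an assumption of this example.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the Postfix syslog format shown in the post;
# hosts, addresses and queue IDs are placeholders, not values from the post.
SAMPLE_LOG = """\
May 21 00:47:16 mx postfix/smtp[102]: connect to mx.example.net[198.51.100.5]: Connection refused (port 25)
May 21 00:47:18 mx postfix/smtpd[101]: AAAA000001: client=mx[192.0.2.10]
May 21 00:47:18 mx postfix/nqmgr[100]: AAAA000001: from=<a@example.org>, size=2422, nrcpt=1 (queue active)
May 21 00:47:19 mx postfix/smtp[102]: AAAA000001: to=<b@example.net>, relay=mx.example.net[198.51.100.5], delay=5, status=sent (250 OK)
May 21 00:49:42 mx postfix/nqmgr[100]: BBBB000002: from=<>, size=4166, nrcpt=1 (queue active)
May 21 00:49:46 mx postfix/smtp[102]: BBBB000002: to=<c@example.com>, relay=mx.example.com[198.51.100.6], delay=5, status=bounced (host mx.example.com[198.51.100.6] said: 553 5.3.0 DNSBL:You are listed at dnsbl.example)
May 21 00:49:47 mx postfix/nqmgr[100]: CCCC000003: from=<>, size=4147, nrcpt=1 (queue active)
May 21 00:49:48 mx postfix/smtp[102]: CCCC000003: to=<d@example.com>, relay=mx.example.com[198.51.100.6], delay=1, status=bounced (host mx.example.com[198.51.100.6] said: 553 Possible forgery (#5.1.1))
"""

# "postfix/<service>[pid]: <QUEUEID>: <key=value, ...>"
ENTRY = re.compile(r"postfix/\w+\[\d+\]: ([0-9A-F]{6,}): (.*)$")
FIELD = re.compile(r"\b(client|from|to|relay|status)=(<[^>]*>|[^,\s]+)")


def summarize(log_text):
    """Group log entries by queue ID and count the patterns worth triaging."""
    msgs = defaultdict(dict)
    for line in log_text.splitlines():
        m = ENTRY.search(line)
        if not m:
            continue  # connection errors and similar lines carry no queue ID
        qid, rest = m.groups()
        msgs[qid].update(FIELD.findall(rest))
        if "DNSBL" in rest.upper():
            msgs[qid]["dnsbl"] = True  # remote server cited a blocklist
    stats = Counter()
    for rec in msgs.values():
        stats["messages"] += 1
        stats["null_sender"] += rec.get("from") == "<>"  # bounce notices
        stats["bounced"] += rec.get("status") == "bounced"
        stats["dnsbl_rejects"] += bool(rec.get("dnsbl"))
    clients = Counter(r["client"] for r in msgs.values() if "client" in r)
    return dict(stats), dict(clients)


if __name__ == "__main__":
    stats, clients = summarize(SAMPLE_LOG)
    print(stats)
    print(clients)
```

The client counts show which hosts handed mail to smtpd, which is the first thing to check when the queue fills with mail the server did not originate.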