* A crazy spam mailserver
@ 2005-06-07 14:17 Łukasz Hejnak
From: Łukasz Hejnak @ 2005-06-07 14:17 UTC
  To: netfilter

Hello everyone.
Today at around 12 AM local (10:00 GMT) I started receiving spam from a 
particular host. Nothing strange about it, except the fact
that all of the mail is coming to my home mailserver that I got up just 
a few days ago, and just for home usage/testing/learning.
And the bugger doesn't seem to give up, in the last four hours I got 
around 50 SPAM messages - all the same.
The sender is NAVER-MAILER@naver.com and so far I just took steps to 
block the spam - so the most straightforward thing that came to my mind 
was to do a -DROP. The sender used a few different IP addresses, but most 
of them I was able to identify in the form of 1.2.3.0/24, so it all got up to 
a list of five IPs, and so far I went with a script like this:

BAD_IP_LIST="1.2.3.0/24 4.5.6.0/24 7.8.9.0/24"
# Append one DROP rule per listed source network
for IP in $BAD_IP_LIST
do
	iptables -A INPUT -s "$IP" -j DROP
done

My question is: Is there a better way to act upon such a case?
Because I'm not convinced that just doing a -DROP like the 
above is the best idea.
For instance, I may be blocking some other IPs that could be innocent.
Or, not sure about this one though, is it possible I could be just 
blocking some spoofed IPs?

With Regards
Łukasz Hejnak

"Greg: It's a little known fact, but e-mail servers were the tenth 
plague that God visited upon the Egyptians. All that angel of death and 
passover stuff is pure crap."
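
A dry-run variant of the blocking loop in the message above, as an added example that is not part of the original post: it validates each list entry and limits the DROP to inbound SMTP (tcp/25), so other traffic from the same ranges is left alone. The addresses are constructed documentation ranges, and `valid_cidr` and `build_rules` are hypothetical helper names.

```shell
#!/bin/sh
# Dry run: prints the iptables commands instead of executing them, so the
# rule set can be reviewed before it is applied as root.

# Constructed sample list (documentation ranges, not the hosts from the post);
# the last entry is deliberately malformed.
BAD_IP_LIST="192.0.2.0/24 198.51.100.0/24 203.0.113.7 300.1.1.0/24"

# valid_cidr ADDR (hypothetical helper): succeed for a dotted-quad IPv4
# address with an optional /0-32 prefix length.
valid_cidr() {
    case $1 in *[!0-9./]*) return 1 ;; esac   # also rules out glob characters
    addr=${1%%/*}
    case $1 in */*) len=${1#*/} ;; *) len=32 ;; esac
    case $len in ''|*[!0-9]*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    case $addr in *.*.*.*.*) return 1 ;; *.*.*.*) ;; *) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr                              # split the address into octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in '') return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# build_rules LIST (hypothetical helper): print one rule per valid entry,
# restricted to inbound SMTP; invalid entries are reported on stderr.
build_rules() {
    for ip in $1; do
        if valid_cidr "$ip"; then
            echo "iptables -A INPUT -p tcp --dport 25 -s $ip -j DROP"
        else
            echo "skipping invalid entry: $ip" >&2
        fi
    done
}

build_rules "$BAD_IP_LIST"
```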

