* A crazy spam mailserver
@ 2005-06-07 14:17 Łukasz Hejnak
From: Łukasz Hejnak @ 2005-06-07 14:17 UTC
To: netfilter
Hello everyone.
Today at around 12 AM local (10:00 GMT) I started receiving spam from a
particular host. Nothing strange about it, except the fact
that all of the mail is coming to my home mailserver that I got up just
a few days ago, and just for home usage/testing/learning.
And the bugger doesn't seem to give up, in the last four hours I got
around 50 SPAM messages - all the same.
The sender is NAVER-MAILER@naver.com and so far I just took steps to
block the spam - so the most straightforward thing that came to my mind
was to do a -DROP. The sender used a few different IP addresses, but most
of them I was able to identify in the form of 1.2.3.0/24, so it all got up to
a list of five IPs, and so far I went with a script like this:
BAD_IP_LIST="1.2.3.0/24 4.5.6.0/24 7.8.9.0/24"
# Append one DROP rule per source network
for IP in $BAD_IP_LIST
do
    iptables -A INPUT -s "$IP" -j DROP
done
My question is: Is there a better way to act upon such a case?
Because I'm not convinced that just doing a -DROP like the
above is the best idea.
For instance I may be blocking some other IPs that could be innocent.
Or, not sure about this one though, is it possible I could be just
blocking some spoofed IPs?
With Regards
Łukasz Hejnak
"Greg: It's a little known fact, but e-mail servers were the tenth
plague that God visited upon the Egyptians. All that angel of death and
Passover stuff is pure crap."
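
Added example, not part of the original message: one way to narrow a source-based block like the one above so that it only affects SMTP (TCP port 25) and lives in its own chain that can be reviewed or flushed without touching other INPUT rules. The chain name SMTP_BLOCK and the sample networks are assumptions made for illustration, and `iptables -C` requires an iptables release that supports rule checking.

```shell
#!/bin/sh
# Added example, not the poster's script. SMTP_BLOCK is a hypothetical chain name.
CHAIN="SMTP_BLOCK"

# Accept only a dotted-quad IPv4 address with an optional /0-32 prefix.
valid_cidr() {
    addr=${1%/*}
    prefix=32
    case $1 in */*) prefix=${1#*/} ;; esac
    case $prefix in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    case $addr in ''|*[!0-9.]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr            # split the address into octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in '') return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the commands instead of running them so the rule set can be reviewed;
# pipe the output to "sh" as root to apply it.
emit_rules() {
    # Dedicated chain: created on first run, flushed on later runs.
    echo "iptables -N $CHAIN 2>/dev/null || iptables -F $CHAIN"
    # Only TCP port 25 (SMTP) is sent to the chain; other traffic from the
    # listed networks is untouched. Inserted first so it precedes any ACCEPT.
    echo "iptables -C INPUT -p tcp --dport 25 -j $CHAIN 2>/dev/null ||" \
         "iptables -I INPUT 1 -p tcp --dport 25 -j $CHAIN"
    for net in "$@"; do
        if valid_cidr "$net"; then
            echo "iptables -A $CHAIN -s $net -j DROP"
        else
            echo "skipping invalid entry: $net" >&2
        fi
    done
}

# Constructed sample list (RFC 5737 documentation ranges); the last entry is
# deliberately malformed.
SAMPLE_LIST="192.0.2.0/24 198.51.100.7 203.0.113.0/33"
emit_rules $SAMPLE_LIST
```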