| View previous topic :: View next topic |
| Author |
Message |
huliganaz
Tux's lil' helper
Joined: 14 Aug 2004
Posts: 80
|
 Posted: Tue Jun 06, 2006 3:40 pm Post subject: mail server (exim+spamassassin+clamav) question ... |
 |
|
Hello ppl, i think everyone who runs mailserver, gets loads of attempts of spammers to find active users..
i'm personally tired of such things in my logs
| Code: |
2006-06-06 16:06:02 H=84-255-240-24.dsl.t-2.net (NELLEMUSLIMAN.oviaoemu.org) [84.255.240.24] F=<Walter.Kramer@earthlink.net> rejected RCPT <zaliuzipost.5ci.l$>: Unknown user
2006-06-06 16:06:12 H=84-255-240-24.dsl.t-2.net (NELLEMUSLIMAN.oviaoemu.org) [84.255.240.24] F=<Beau.Wolfe@earthlink.net> rejected RCPT <vfmqjcanvcaeaaaaa@al$>: Unknown user
2006-06-06 16:06:12 H=84-255-240-24.dsl.t-2.net (NELLEMUSLIMAN.oviaoemu.org) [84.255.240.24] F=<Deandre.Land@earthlink.net> rejected RCPT <sauliu@???.lt>: Unknown user
2006-06-06 16:06:17 H=84-255-240-24.dsl.t-2.net (NELLEMUSLIMAN.oviaoemu.org) [84.255.240.24] F=<Marco.Driscoll@earthlink.net> rejected RCPT <pmail.eik.ltdain$>: Unknown user
2006-06-06 16:06:17 H=84-255-240-24.dsl.t-2.net (NELLEMUSLIMAN.oviaoemu.org) [84.255.240.24] F=<Marco.Driscoll@earthlink.net> rejected RCPT <medasamail.skp.l$> Unknown user
2006-06-06 16:06:22 H=84-255-240-24.dsl.t-2.net (NELLEMUSLIMAN.oviaoemu.org) [84.255.240.24] F=<Lindsay.Beard@earthlink.net> rejected RCPT <ksas@???.lt>: Unknown user
2006-06-06 16:06:26 H=84-255-240-24.dsl.t-2.net (NELLEMUSLIMAN.oviaoemu.org) [84.255.240.24] F=<Kaye.Ash@earthlink.net> rejected RCPT <dainius@???.lt>: Unknown user
2006-06-06 16:06:29 H=84-255-240-24.dsl.t-2.net (NELLEMUSLIMAN.oviaoemu.org) [84.255.240.24] F=<Earline.Todd@earthlink.net> rejected RCPT <buildingsauliussau$> Unknown user
2006-06-06 16:06:29 H=84-255-240-24.dsl.t-2.net (NELLEMUSLIMAN.oviaoemu.org) [84.255.240.24] F=<Lauren.Fitzpatrick@earthlink.net> rejected RCPT <aulius@???.lt> : Unknown user
2006-06-06 16:06:30 H=84-255-240-24.dsl.t-2.net (NELLEMUSLIMAN.oviaoemu.org) [84.255.240.24] F=<Williams.Schafer@earthlink.net> rejected RCPT <alk.ltmarkas@a$ > Unknown user
|
Is there any way to get rid of them after 2 or 3 attempts?
i mean like ban them or drop.
I'm running Exim + clamav + spamassassin
_________________
1337 newb! |
|
| Back to top |
|
 |
phajdan.jr
Retired Dev
Joined: 23 Mar 2006
Posts: 1777
Location: Poland
|
| Posted: Tue Jun 06, 2006 3:58 pm Post subject: |
|
|
| try fail2ban (you will probably have to create your own rule for mail-server) |
|
| Back to top |
|
|
huliganaz
Tux's lil' helper
Joined: 14 Aug 2004
Posts: 80
|
| Posted: Tue Jun 06, 2006 4:03 pm Post subject: |
|
|
i wonder if exim or spamassassin could do that themselves without any other software ...
_________________
1337 newb! |
|
| Back to top |
|
|
huliganaz
Tux's lil' helper
Joined: 14 Aug 2004
Posts: 80
|
| Posted: Tue Jun 13, 2006 6:49 am Post subject: |
|
|
BUMP!.... 
_________________
1337 newb! |
|
| Back to top |
|
|
magic919
Advocate
Joined: 17 Jun 2005
Posts: 2182
Location: Berkshire, UK
|
| Posted: Tue Jun 13, 2006 9:20 am Post subject: |
|
|
I'm not sure what you want to achieve here. You've got a suggested solution of selectively firewalling these losers. An excellent method.
Exim already turns them away. SA is too far down the chain to help keep the traffic off the MTA (Exim).
If your aim is to keep the traffic from the MTA then some kind of firewall solution - IPTables - and a script seems inevitable. |
|
| Back to top |
|
|
|
Networking & Security
