This is off topic, but figured most of us all get hit with this stuff.
I am in need of a bit of help.
I got a whole bunch of open relays doing rumpelstiltskin(sic) attacks on both my main mailserver and my secondary MX server... hitting the secondary and making it throttle the main one.
Anyway is there a way to use some of these RBLs to basically deny these open relays to be able to even attempt these attacks?
I'm running Sendmail 8.12.11 on Linux... both these boxen run RH 6.2 and are really locked down against other attacks.
I used to just drop routes to these idiots but never a good solution IMNSHO 8*)
I looked through the sendmail FAQs and didn't find anything that was helpful.
Any idea would be more than welcome.
-----Original Message-----
From: discuss-bounces@lists.surbl.org [mailto:discuss-bounces@lists.surbl.org] On Behalf Of Doc Schneider
Sent: Friday, 28 May 2004 11:55 PM
To: SURBL Discuss
Subject: [SURBL-Discuss] OT: RBL needed!
> This is off topic, but figured most of us all get hit with this stuff.
> I am in need of a bit of help.
> I got a whole bunch of open relays doing rumpelstiltskin(sic) attacks on both my main mailserver and my secondary MX server... hitting the secondary and making it throttle the main one.
> Anyway is there a way to use some of these RBLs to basically deny these open relays to be able to even attempt these attacks?
> I'm running Sendmail 8.12.11 on Linux... both these boxen run RH 6.2 and are really locked down against other attacks.
> I used to just drop routes to these idiots but never a good solution IMNSHO 8*)
> I looked through the sendmail FAQs and didn't find anything that was helpful.
> Any idea would be more than welcome.
Hi Doc,
Have a look @ http://www.albury.net.au/netstatus/technical.stuff we use it, and it's the bomb.
We have had an ongoing attack from a Taiwanese network belting the heck out of one server we manage, this script has saved the day majorly & helped reduce the volume of messages we have to kill post receipt by about 1/5.
Some stats and basic logs are available at http://gambit.unitedip.net.au/deroute/ and yes @ the top right that is saying more than 2880 IPs derouted :)
Any questions, don't hesitate to contact me off list.
Cheers!!
Dave
Hi!
> I got a whole bunch of open relays doing rumpelstiltskin(sic) attacks on both my main mailserver and my secondary MX server... hitting the secondary and making it throttle the main one.
> Anyway is there a way to use some of these RBLs to basically deny these open relays to be able to even attempt these attacks?
> I'm running Sendmail 8.12.11 on Linux... both these boxen run RH 6.2 and are really locked down against other attacks.
> I used to just drop routes to these idiots but never a good solution IMNSHO 8*)
> I looked through the sendmail FAQs and didn't find anything that was helpful.
Start filtering there with DSBL on the MTA, and submit missing ones you find to DSBL, pretty effective.
bye, Raymond.
On Friday, May 28, 2004, 6:55:23 AM, Doc Schneider wrote:
> I got a whole bunch of open relays doing rumpelstiltskin(sic) attacks on both my main mailserver and my secondary MX server... hitting the secondary and making it throttle the main one.
> Anyway is there a way to use some of these RBLs to basically deny these open relays to be able to even attempt these attacks?
> I'm running Sendmail 8.12.11 on Linux... both these boxen run RH 6.2 and are really locked down against other attacks.
Many people use and recommend list.dsbl.org and xbl.spamhaus.org (or sbl-xbl.spamhaus.org) to block open relays at the MTA level. (sbl-xbl is a combined list of sbl and xbl. ;-)
We find them quite effective.
Here are my mailserver.mc (m4) confs:
FEATURE(dnsbl,`sbl.spamhaus.org',`"Address "$&{client_addr}" blocked. See http://www.spamhaus.org/sbl/"')dnl
FEATURE(dnsbl,`xbl.spamhaus.org',`"Address "$&{client_addr}" blocked. See http://www.spamhaus.org/xbl/"')dnl
FEATURE(dnsbl,`list.dsbl.org',`"Open relay "$&{client_addr}" blocked. See http://dsbl.org/sender"')dnl
Jeff C.
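The lookup behind a DNSBL check such as the FEATURE(dnsbl, ...) lines above, as an added Python example that is not part of the original thread or of sendmail: the client address is reversed, appended to the zone, and resolved, and a 127.0.0.0/8 answer means "listed". The function names, the fake resolver and the sample address are assumptions made for illustration; the 127.255.255.x range is treated as an error per Spamhaus's published return codes.

```python
import ipaddress
import socket

ZONES = ("sbl.spamhaus.org", "xbl.spamhaus.org", "list.dsbl.org")  # from the thread
LISTED = ipaddress.ip_network("127.0.0.0/8")        # DNSBL answers live here
ERRORS = ipaddress.ip_network("127.255.255.0/24")   # Spamhaus error codes, not listings


def dnsbl_query_name(client_addr, zone):
    """Reverse the IPv4 octets and append the zone (raises ValueError on bad input)."""
    ip = ipaddress.IPv4Address(client_addr)
    return ".".join(reversed(str(ip).split("."))) + "." + zone


def system_resolver(name):
    """A records for name via the system resolver; [] when it does not resolve."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:  # socket.gaierror and socket.herror are OSError subclasses
        return []


def check_client(client_addr, zones=ZONES, resolve=system_resolver):
    """Return {zone: [return codes]} for each zone that lists client_addr."""
    hits = {}
    for zone in zones:
        codes = []
        for answer in resolve(dnsbl_query_name(client_addr, zone)):
            ip = ipaddress.ip_address(answer)
            # Count only real listings: inside 127/8, outside the error range.
            # A public address here means a parked or hijacked zone.
            if ip in LISTED and ip not in ERRORS:
                codes.append(answer)
        if codes:
            hits[zone] = codes
    return hits


# Constructed data so the example runs offline; 192.0.2.99 is a documentation
# address (RFC 5737) and these answers are not real listings.
FAKE_DNS = {
    "99.2.0.192.xbl.spamhaus.org": ["127.0.0.4"],        # listed
    "99.2.0.192.sbl.spamhaus.org": ["127.255.255.254"],  # query refused: ignore
    "99.2.0.192.list.dsbl.org": ["203.0.113.7"],         # bogus answer: ignore
}


def fake_resolver(name):
    return FAKE_DNS.get(name, [])


if __name__ == "__main__":
    print(check_client("192.0.2.99", resolve=fake_resolver))
```

Calling `check_client(addr)` without `resolve=` uses the system resolver, which is a quick way to confirm from the mail server itself that each configured zone still answers before relying on it for rejections.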
Just wanted to say THANKS to all you kind folks for helping me.
Attacks are now being blocked and my logs are full of open relays/hijacked networks, etc...
Thanks again,
-Doc
--- MomNDoc Online Consultants http://www.maddoc.net/ momndoc@maddoc.net
Since I started using RBL's at the MTA level (May 25th at 10am) I've so far through June 25th 10am CDT had close to 8 MILLION RBL hits between my three mail servers here. Most of these are username trolls.
And am actually thinking of making an incoming mailserver for the express purpose of dropping routes to all these idiots with virused machines! I personally call these folks "spam shooters" since that does describe exactly what they are doing.
About 60% of the blocked ones are coming from comcast/attbi (same company) even though they have said on /. that they are monitoring their network for massive port 25 usage. You believe that I got some prime Florida land for sale!
Well just wanted you all to know what was happening here.
-Doc (D-Ninja) D for Destroy all spammers!