<OT> Spamming question
Andrew Mathews
andrew_mathews
Mon May 17 11:30:47 PDT 2004
Roger Oberholtzer wrote:
>
> What amazes me is that, even though I see some attemps at relaying on my
> server, all of them are failing (I am pretty sure - I only see the transmit
> denials and no successes in the transfer logs). Still, some of the same
> sources keep trying over and over. Don't they detect when it has not worked?
> I need a policy for complaining to their ISPs. To date we have just
> ignored them.
<snip>
Or you can simply blackhole the bastards like I do. I set
/etc/syslog.conf to log to /var/log/messages then use the following
script to block them after they attempt to relay off of my servers.
----------cut here------------
#!/bin/sh
# Get number of attempts for relaying
cat /var/log/messages | sort | uniq -u | grep Denying \
| cut -f1 >> /var/log/messages | \
grep 'Relaying denied' /var/log/messages | \
sed -e 's/^.*\[//' -e 's/\].*//' | \
sort -u | \
while read address; do
# clobber access for this address
if ! grep $address /etc/hosts.deny > /dev/null ; then
/sbin/route add -host $address reject 2> /dev/null \
/usr/bin/logger -p notice "Denying $address for relay attempts"
fi
done
--------cut here-------------
--
Andrew Mathews
-------------------------------------------------------------
9:02am up 2 days, 19:35, 4 users, load average: 1.05, 1.15, 1.15
-------------------------------------------------------------
Change your thoughts and you change your world.
More information about the Linux-users
mailing list