[Mimedefang] Extremism or just leveling the playing field..

[SRAR Mail Administrator]

On Apr 8, 2004, at 6:41 PM, Ben Kamen wrote:

>
> Boy, as I sit here and watch the spammers try to
>
> A: use me as a relay (same IP, multiple tries)
> B: scan for usernames
> C: try and deliver to bogus names I've used on the net
>
> I would love to have a hook in mimedefang to auto-blackhole these 
> IP's... kinda like the greylisting where the entry times out after a 
> while.. but after so many misses, the IP gets null-routed...
>
> I know there's probably ways to do this.. I'd just have to sit down 
> and do it.. but don't have the time...

If you're running your mail server on Linux, you can actually do this 
fairly easily - although it is outside of MD or Sendmail. grep your 
maillog for repetitive instances of an ip address attempting 
connections to unknown users and via shell scripts put offending 
numbers into your iptables file with -j REJECT. Those bozos won't even 
get close to your mail server after that [0].

>
> But don't you guys and gals get mad when you see some pathetic loser 
> try and bash the doors down to your mail server??

Don't get mad, get even. Block them before they can even connect to 
you. This may be "Extremism" and YMMV; But for our situation at my 
orkplace [1], it's part of an overall solution that is working well.

-Loren

[0] Don't forget to script a restart of iptables. D'Oh!
[1] We do not host mail for others. Fairly low volume: ~ 25,000 msg/day

-Loren K Louthan | tel: 818 786 2110 | AIM: LorenSRAR
-Data Communications Engineer - CRISNet Regional MLS
Government's view of the economy could be summed up in a few short 
phrases: If it moves, tax it. If it keeps moving, regulate it. And if 
it stops moving, subsidize it."
-Ronald Wilson Reagan