On Sat, Mar 12, 2005 at 09:51:04AM +0000, Bob Brennan wrote: > Here is a truncated logwatch indicating more than 1000 spams sent but > seemingly a lot more denied, and most if not all bounced. I have > truncated the "Relaying denied" list because it ran into pages. There > are continuing attempts to relay through my server, every few minutes, > all denied now. Hopefully the bast**ds will give up and move on > soon... > Probably a good idea to shut them off semi-permanently: add these lines to your iptables firewall: (Note - there are more general ways to script iptables setups) (Read "better ways", but this is a specific example) # Next 8 lines specific to tfn.net.tw # Log any connection attempts by tfn,net.tw iptables -A INPUT -i eth0 -s 219.81.0.0/16 -j LOG --log-prefix "static.tfn.net.tw" iptables -A INPUT -i eth0 -s 61.31.0.0/16 -j DROP -j LOG --log-prefix "dynamic.tfn.net.tw " # Drop dynamic.tfn.net.tw iptables -A INPUT -i eth0 -s 61.31.0.0/16 -j DROP # Drop static.tfn.net.tw iptables -A INPUT -i eth0 -s 219.81.0.0/16 -j DROP > 2441/125: 219-81-152-11.static.tfn.net.tw [219.81.152.11] > 1250/74: 61-31-142-15.dynamic.tfn.net.tw [61.31.142.15] > 1200/78: 219-81-147-236.static.tfn.net.tw [219.81.147.236] -- "The only system which is truly secure, is one which is switched off and unplugged, locked in a titanium lined safe, buried in a concrete bunker, surrounded by nerve gas and very highly paid armed guards. Even then, I wouldn't stake my life on it" - Gene Spafford http://kinz.org http://www.fedoranews.org Jeff Kinz, Emergent Research, Hudson, MA.
