> > Here is a truncated logwatch indicating more than 1000 spams sent but > > seemingly a lot more denied, and most if not all bounced. I have > > truncated the "Relaying denied" list because it ran into pages. There > > are continuing attempts to relay through my server, every few minutes, > > all denied now. Hopefully the bast**ds will give up and move on > > soon... > > > > Probably a good idea to shut them off semi-permanently: > add these lines to your iptables firewall: > (Note - there are more general ways to script iptables setups) > (Read "better ways", but this is a specific example) > > # Next 8 lines specific to tfn.net.tw > # Log any connection attempts by tfn,net.tw > iptables -A INPUT -i eth0 -s 219.81.0.0/16 -j LOG --log-prefix "static.tfn.net.tw" > iptables -A INPUT -i eth0 -s 61.31.0.0/16 -j DROP -j LOG --log-prefix "dynamic.tfn.net.tw " > > # Drop dynamic.tfn.net.tw > iptables -A INPUT -i eth0 -s 61.31.0.0/16 -j DROP > # Drop static.tfn.net.tw > iptables -A INPUT -i eth0 -s 219.81.0.0/16 -j DROP Thanks for that Jeff - I don't completetly understand the notation but I do appreciate the intent of the above command lines and have entered them into my system. I will keep an eye on my logwatch reports and add more spam-sources as needed. Thanks for doing your bit against the spammers, bob
