On Mon, 14 Mar 2005 08:03:25 +0100, Roger Grosswiler <roger@xxxxxxxx> wrote:
> Roger Grosswiler wrote:
> > Bob Brennan wrote:
> > [snip]
> >
> >>> Probably a good idea to shut them off semi-permanently:
> >>> add these lines to your iptables firewall:
> >>> (Note - there are more general ways to script iptables setups)
> >>> (Read "better ways", but this is a specific example)
> >>>
> >>> # Next 8 lines specific to tfn.net.tw
> >>> # Log any connection attempts by tfn.net.tw
> >>> iptables -A INPUT -i eth0 -s 219.81.0.0/16 -j LOG --log-prefix "static.tfn.net.tw "
> >>> iptables -A INPUT -i eth0 -s 61.31.0.0/16 -j LOG --log-prefix "dynamic.tfn.net.tw "
> >>>
> >>> # Drop dynamic.tfn.net.tw
> >>> iptables -A INPUT -i eth0 -s 61.31.0.0/16 -j DROP
> >>> # Drop static.tfn.net.tw
> >>> iptables -A INPUT -i eth0 -s 219.81.0.0/16 -j DROP
> >
> > [/snip]
> >
> > Hi Bob,
> >
> > Good way to get the spammer off your ports ;-)
> >
> > See here 2 links, where you can check your mailserver immediately for
> > your "open relay". There is no need to register or whatever - just type
> > your ip and go. You will see if your mailserver is secure enough or
> > which methods still could be used, to send spam via your mailserver.
> >
> > http://www.relaycheck.com/test.asp
> > http://www.antispam-ufrj.pads.ufrj.br/
> >
> > Have you built-in RBL-Support for your mailserver? This perhaps could
> > get your spammer even off your mailserver. See 3 free lists below.
> >
> > bl.spamcop.net,
> > relays.ordb.org,
> > sbl.spamhaus.org,
> >
> > btw. preferably you use by today no longer pop-before-smtp, either use
> > smtp-auth. If you authenticate your users in pop/imap against mysql you
> > COULD use the same database for smtp either.
> >
> > HTH
> > Roger
> >
> btw. doing perror 13 in shell gives the following:
>
> [roger@link ~]$ perror 13
> Error code 13: Permission denied
>
> ...I had this too, this was an issue from selinux. You could either
> disable mysql-support in selinux (system-config-securitylevel) or try to
> relabel your system. This helped me, in some way (...)
>
> /sbin/fixfiles relabel
>
> make also sure, that your /var/lib/mysql is chowned -R mysql:mysql

Hi Roger,

Thanks very much for all of the handy tips - I remember seeing the
"/sbin/fixfiles relabel" trick in previous postings on this list and I
will try that right away - I am anxious to re-enable SELinux asap.

I still got more than 500 attempts by the spammer(s) yesterday but
hopefully the iptables fix from Jeff Kinz will finally put an end to
that today. I think their persistent, but futile attempts to send prove
that it is simply Windoze zombie machines out there wasting our time
and bandwidth.

Thanks again for the help,

bob
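
The quoted rules note that there are more general ways to script an iptables setup. One such way, as an added example that is not part of the original messages: a shell function that prints a LOG rule followed by a DROP rule for each network in a list. The "label cidr" input format, the function names and the IFACE variable are assumptions.

```shell
#!/bin/sh
# Added example: print LOG-then-DROP rules for a list of source networks.
# The "label cidr" input format and the function names are assumptions.
IFACE=${IFACE:-eth0}

# Print the two iptables commands for one network; return 1 on bad input.
emit_block_rules() {
    label=$1
    cidr=$2
    # The output is meant to be run by a shell, so allow only safe characters.
    case $label in
        ''|*[!A-Za-z0-9._-]*) echo "bad label: $label" >&2; return 1 ;;
    esac
    # Character screen only; iptables itself rejects a malformed address.
    case $cidr in
        *[!0-9./]*|*/*/*) echo "bad network: $cidr" >&2; return 1 ;;
        ?*/?*) ;;
        *) echo "bad network: $cidr" >&2; return 1 ;;
    esac
    # --log-prefix takes at most 29 characters: truncate the label to 28 and
    # end with a space so the prefix does not run into "IN=eth0 ..." in the log.
    prefix=$(printf '%.28s ' "$label")
    # LOG does not end rule traversal, DROP does, so LOG has to come first.
    printf 'iptables -A INPUT -i %s -s %s -j LOG --log-prefix "%s"\n' \
        "$IFACE" "$cidr" "$prefix"
    printf 'iptables -A INPUT -i %s -s %s -j DROP\n' "$IFACE" "$cidr"
}

# Read "label cidr" lines on stdin; skip blank lines and # comments.
gen_block_rules() {
    while read -r label cidr rest; do
        case $label in ''|'#'*) continue ;; esac
        emit_block_rules "$label" "$cidr" || return 1
    done
}

# Sample input: the two networks named in the thread.
gen_block_rules <<'EOF'
static.tfn.net.tw 219.81.0.0/16
dynamic.tfn.net.tw 61.31.0.0/16
EOF
```

The script only prints commands; review the output, then pipe it to `sh` as root to load the rules.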