> On Mon, 14 Mar 2005 08:03:25 +0100, Roger Grosswiler <roger@xxxxxxxx> wrote:
>> Roger Grosswiler wrote:
>> > Bob Brennan wrote:
>> > [snip]
>> >
>> >>> Probably a good idea to shut them off semi-permanently:
>> >>> add these lines to your iptables firewall:
>> >>> (Note - there are more general ways to script iptables setups)
>> >>> (Read "better ways", but this is a specific example)
>> >>>
>> >>> # Next 8 lines specific to tfn.net.tw
>> >>> # Log any connection attempts by tfn.net.tw
>> >>> iptables -A INPUT -i eth0 -s 219.81.0.0/16 -j LOG --log-prefix "static.tfn.net.tw"
>> >>> iptables -A INPUT -i eth0 -s 61.31.0.0/16 -j LOG --log-prefix "dynamic.tfn.net.tw "
>> >>>
>> >>> # Drop dynamic.tfn.net.tw
>> >>> iptables -A INPUT -i eth0 -s 61.31.0.0/16 -j DROP
>> >>> # Drop static.tfn.net.tw
>> >>> iptables -A INPUT -i eth0 -s 219.81.0.0/16 -j DROP
>> >
>> > [/snip]
>> >
>> > Hi Bob,
>> >
>> > Good way to get the spammer off your ports ;-)
>> >
>> > See here 2 links where you can check your mailserver immediately for
>> > your "open relay". There is no need to register or whatever - just type
>> > your IP and go. You will see if your mailserver is secure enough or
>> > which methods could still be used to send spam via your mailserver.
>> >
>> > http://www.relaycheck.com/test.asp
>> > http://www.antispam-ufrj.pads.ufrj.br/
>> >
>> > Have you built in RBL support for your mailserver? This perhaps could
>> > get your spammer even off your mailserver. See 3 free lists below.
>> >
>> > bl.spamcop.net,
>> > relays.ordb.org,
>> > sbl.spamhaus.org,
>> >
>> > btw. preferably you use by today no longer pop-before-smtp, either use
>> > smtp-auth. If you authenticate your users in pop/imap against mysql you
>> > COULD use the same database for smtp either.
>> >
>> > HTH
>> > Roger
>> >
>> btw. doing perror 13 in shell gives the following:
>>
>> [roger@link ~]$ perror 13
>> Error code 13: Permission denied
>>
>> ...I had this too, this was an issue from selinux. You could either
>> disable mysql-support in selinux (system-config-securitylevel) or try to
>> relabel your system. This helped me, in some way (...)
>>
>> /sbin/fixfiles relabel
>>
>> make also sure that your /var/lib/mysql is chowned -R mysql:mysql
>
> Hi Roger,
>
> Thanks very much for all of the handy tips - I remember seeing the
> "/sbin/fixfiles relabel" trick in previous postings on this list and I
> will try that right away - I am anxious to re-enable SELinux asap.
>
> I still got more than 500 attempts by the spammer(s) yesterday but
> hopefully the iptables fix from Jeff Kinz will finally put an end to
> that today. I think their persistent but futile attempts to send
> prove that it is simply Windoze zombie machines out there wasting our
> time and bandwidth.
>
> Thanks again for the help,
> bob

As soon as you don't need e-mails out of those ranges, it's quite helpful; I even blocked some ranges in the beginning. When I set up RBL checking, I had to have patience for about 1 month; since then, I just have 2-3 attempts per day. RBL sorts in good quality good from bad traffic. Unfortunately, it doesn't block those zombies - perhaps infected by a worm. But at least for those IPs you can save yourself also DNS traffic ;-)

Roger
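
The log-then-drop pattern from the iptables rules quoted in the thread, as an added example that is not code from any poster: it prints the rules for review instead of applying them, with one target per rule and the LOG rule ahead of the DROP for the same source. The function names, the `-m limit` rate limit on logging and the 28-character prefix truncation are additions made here, and the `eth0` and `5/min` defaults are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): prints rules for review, applies nothing.
# IFACE and LOG_LIMIT defaults are assumptions; adjust for the host.
IFACE=${IFACE:-eth0}
LOG_LIMIT=${LOG_LIMIT:-5/min}

# valid_cidr A.B.C.D/N -> status 0 only for a well-formed IPv4 range
valid_cidr() {
    case "$1" in
        *[!0-9./]*|*/*/*|.*|*..*|*./*) return 1 ;;
        */*) ;;
        *) return 1 ;;
    esac
    addr=${1%/*}
    bits=${1#*/}
    case "$bits" in ""|*.*) return 1 ;; esac
    [ "$bits" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.
    set -- $addr            # split the address into its octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# block_rules CIDR LABEL -> prints a rate-limited LOG rule, then the DROP rule
block_rules() {
    valid_cidr "$1" || { echo "bad range: $1" >&2; return 1; }
    case "$2" in ""|*[!A-Za-z0-9._-]*) echo "bad label: $2" >&2; return 1 ;; esac
    # The LOG target keeps at most 29 prefix characters: 28 plus a separating space.
    prefix=$(printf '%.28s ' "$2")
    # LOG does not end rule traversal, so it has to precede the DROP for this source.
    printf 'iptables -A INPUT -i %s -s %s -m limit --limit %s -j LOG --log-prefix "%s"\n' \
        "$IFACE" "$1" "$LOG_LIMIT" "$prefix"
    printf 'iptables -A INPUT -i %s -s %s -j DROP\n' "$IFACE" "$1"
}

# The two ranges named in the thread.
block_rules 219.81.0.0/16 static.tfn.net.tw
block_rules 61.31.0.0/16 dynamic.tfn.net.tw
```
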