On Sun, 10 Nov 2002 00:16:30 -0600
"W. D." <[EMAIL PROTECTED]> wrote:
>At 21:17 11/9/2002, Jack L. Stone wrote:
>>At 03:04 AM 11.10.2002 +0100, Gustaf Sjoberg wrote:
>>>On Sat, 09 Nov 2002 15:13:09 -0600
>>>"W. D." <[EMAIL PROTECTED]> wrote:
>>>
>>>either block incomming port 25 connections or set the smtserver to require
>>authentication.
>>>
>>>ipfw entry could look something like:
>>>
>>>add <rule#> deny log tcp from any to <yourip> 25 in recv <interface>
>
>This would completely block SMTP wouldn't it? I do have clients
>on this server using email.
yes it would, change it to:
add <rule#> deny log tcp from <spammersip> to <yourip> 25 in recv <interface>
>
>
>
>
>>>
>>>>Hi folks,
>>>>
>>>>I've got some bozo from:
>>>>
>>>> SpaWeb1.spaelegance.com..auth
>>>>
>>>>doing all kinds of SMTP activity on my FreeBSD server. Does anyone
>>>>know how to stop this? What kind of entry would I add to ipfw?
>>>>
>>>>Does anyone know what vulnerability this might be? How to stop
>>>>permanently?
>>>>
>>
>>Get the IP of the spammer if possible. I've had to use a total block like
>>this:
>>##### DENY INTRUDER through external interface
>> #${fwcmd} add deny all from 66.000.00.000 to any via ${oif}
>
>Where is ${oif} defined?
>
>When I run a command like this it doesn't understand 'fwcmd'.
>
>usw2# {fwcmd} add deny log all from 168.93.100.59/16 to any in via ${oif}
>oif: Undefined variable.
>
>usw2# {fwcmd} add deny log all from 168.93.100.59/16 to any in via lo0
>fwcmd: Command not found.
>
>>
>>Reload the firewall rules....
>>
>>Best regards,
>>Jack L. Stone,
>>Administrator
>>
>>SageOne Net
>>http://www.sage-one.net
>>[EMAIL PROTECTED]
>
>Start Here to Find It Fast!© -> http://www.US-Webmasters.com/best-start-page/
>
>
>To Unsubscribe: send mail to [EMAIL PROTECTED]
>with "unsubscribe freebsd-questions" in the body of the message
>
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-questions" in the body of the message
