On Wed, 06 May 2009, Charles Marcus wrote:

> I sent him a farewell 'frak off' email directly (yeah, I know, childish
> of me), then smtp rejected anything from his address (using a
> 'check_sender_access' hash with his email address in it (simple reject
> applied, otherwise nothing offensive):
>
> myhost ~ postconf -n | grep check_sender

Show entire output instead of snippets via grep.

> Well, grepping the logs shows that this ms (miserable slimeball) did
> something that caused 351 of these 'UCE AND ABUSE DETECTED' messages
> (see attached) to flood my server within 3 minutes (glad I didn't have
> to leave my desk for any length of time when it happened). Whatever he
> did was about 40 minutes after the two rejects I noticed from him in the
> logs. The headers show as from and to myself...
>
> Ok, fine, the way I attempted to block him obviously isn't the best way
> to do so, but I want to take this opportunity to learn the following
> (pointers to rtfm gratefully accepted):
>
> 1. What is the best way to 'plonk' someone at the smtp level?

Identify them in some way (ENVELOPE sender, connecting IP, et cetera) and REJECT them.

> 2. What exactly was wrong with the way I went about blocking this idiot?

Provide more information, especially some relevant logs instead of a portion of the messages you were receiving.

> 3. What was the mechanism employed to flood my server with these
> messages, and how do I protect against it in the future (maybe simply
> changing the way I'm blocking unwanted senders now will accomplish
> that?)?

See answer to Q2.

> 4. Should I report his abuse? Or was it deserved because of the way I
> was using check_sender_access?

To whom would you report it? :-)

--
Sahil Tandon <sa...@tandon.net>