I would not think so. Filtering is based on a simple premise... do not
accept packets from a specific IP address or range of IP's. If you don't
know what IP's to filter, then you must find a way to get that
information. Try netstat -n or grep your mail logs for the IP's in
question.... sooner or later you will have a bunch of IP's to filter...
that's a good starting point.
Paul Farber
Farber Technology
[EMAIL PROTECTED]
Ph 570-628-5303
Fax 570-628-5545
On Sun, 26 Sep 1999, Abel Lucano wrote:
> On Sat, 25 Sep 1999 [EMAIL PROTECTED] wrote:
>
> > find out that ip address aol is using and
> > ipfwadm -I -a deny -S AOL.IP.ADDRESS.HERE -D YOUR.MAIL.SERVER.IP
> >
> > or use tcpserver.
>
> i believe that i'm doing so, but aol relays rotate and i'm receiving
> bounces from different ip's (lot of aol's relays)
> Maybe i don't understand filtering fully;
> Perhaps there is a script or rule to stop mail bombing by subject or
> whatever else.
>
> Thanks again
>
> Abel Lucano
> email: [EMAIL PROTECTED]
> [EMAIL PROTECTED]
>
>
> > On Sat, 25 Sep 1999, Abel Lucano wrote:
> >
> > > I'm receiving hundreds of mails bounced from aol.com, and i cannot put the
> > > right rule in badmailfrom for effective filtering
> > >
> > > Our main MX running qmail-1.03 with tcpserver is called ferro.ba.net at
> > > 200.41.130.3; it's NOT an open relay.
> > > ba.net is our domain.
> > >
> > > There's a spammer at ppp187.champaign.advancenet.net [206.221.224.187]
> > > sending mails "as from ba.net domain" to aol.com domain
> > >
> > > I'm receiving all the bounces. (a lot!!)
> > > Do I put in badmailfrom all the aol.com relays
> > > @rly-yc05.mail.aol.com, etc? (a lot)
> > >
> > > (putting @aol.com for a moment doesn't work either)
> > >
> > > Please, i would appreciate very much any advice to stop this.
> > >
> > > Thanks (a lot) in advance
> > >
> > > Abel Lucano
> > > email: [EMAIL PROTECTED]
> > > [EMAIL PROTECTED]
> > >
> > >
> > >
> > > Below one copy of one bounce.
> > >
> > >
> > >
> > > Return-Path: <>
> > > Received: (qmail 27016 invoked from network); 25 Sep 1999 19:41:56 -0000
> > > Received: from aolmbd02.mx.aol.com (205.188.156.76)
> > > by ferro.ba.net with SMTP; 25 Sep 1999 19:41:56 -0000
> > > Received: from rly-yc05.mx.aol.com (rly-yc05.mail.aol.com [172.18.149.37])
> > > by aolmbd02.mx.aol.com (8.8.8/8.8.5/AOL-2.0.0)
> > > with ESMTP id SAA23285 for <[EMAIL PROTECTED]>;
> > > Sat, 25 Sep 1999 18:32:38 -0400 (EDT)
> > > Received: from localhost (localhost)
> > > by rly-yc05.mx.aol.com (8.8.8/8.8.5/AOL-4.0.0)
> > > with internal id SAB04911;
> > > Sat, 25 Sep 1999 18:32:38 -0400 (EDT)
> > > Date: Sat, 25 Sep 1999 18:32:38 -0400 (EDT)
> > > From: Mail Delivery Subsystem <[EMAIL PROTECTED]>
> > > Message-Id: <[EMAIL PROTECTED]>
> > > To: <[EMAIL PROTECTED]>
> > > MIME-Version: 1.0
> > > Content-Type: multipart/report; report-type=delivery-status
> > > boundary="SAB04911.938298758/rly-yc05.mx.aol.com"
> > > Subject: Returned mail: User unknown
> > > Auto-Submitted: auto-generated (failure)
> > >
> > > This is a MIME-encapsulated message
> > >
> > > --SAB04911.938298758/rly-yc05.mx.aol.com
> > >
> > > The original message was received at Sat, 25 Sep 1999 18:32:33 -0400 (EDT)
> > > from ppp187.champaign.advancenet.net [206.221.224.187]
> > >
> > >
> > > *** ATTENTION ***
> > >
> > > Your e-mail is being returned to you because there was a problem with its
> > > delivery. The AOL address which was undeliverable is listed in the
> > > section
> > > labeled: "----- The following addresses had permanent fatal errors -----".
> > >
> > > The reason your mail is being returned to you is listed in the section
> > > labeled: "----- Transcript of Session Follows -----".
> > >
> > > The line beginning with "<<<" describes the specific reason your e-mail
> > > could
> > > not be delivered. The next line contains a second error message which is
> > > a
> > > general translation for other e-mail servers.
> > >
> > > Please direct further questions regarding this message to your e-mail
> > > administrator.
> > >
> > > --AOL Postmaster
> > >
> > > <[EMAIL PROTECTED]>
> > > ----- Transcript of session follows -----
> > > ... while talking to air-yc01.mail.aol.com.:
> > > >>> RCPT To:<[EMAIL PROTECTED]>
> > > <<< 550 xena1948 IS NOT ACCEPTING MAIL FROM THIS SENDER
> > > 550 <[EMAIL PROTECTED]>... User unknown
> > >
> > > --SAB04911.938298758/rly-yc05.mx.aol.com
> > > Content-Type: message/delivery-status
> > >
> > > Reporting-MTA: dns; rly-yc05.mx.aol.com
> > > Arrival-Date: Sat, 25 Sep 1999 18:32:33 -0400 (EDT)
> > >
> > > Final-Recipient: RFC822; [EMAIL PROTECTED]
> > > Action: failed
> > > Status: 2.0.0
> > > Remote-MTA: DNS; air-yc01.mail.aol.com
> > > Diagnostic-Code: SMTP; 250 OK
> > > Last-Attempt-Date: Sat, 25 Sep 1999 18:32:38 -0400 (EDT)
> > >
> > > --SAB04911.938298758/rly-yc05.mx.aol.com
> > > Content-Type: message/rfc822
> > >
> > > Received: from ba.net (ppp187.champaign.advancenet.net [206.221.224.187])
> > > by
> > > rly-yc05.mx.aol.com (v61.9) with ESMTP; Sat, 25 Sep 1999 18:32:32 -0400
> > > From: <[EMAIL PROTECTED]>
> > > To: [EMAIL PROTECTED]
> > > Subject: Re: Hey man
> > > Date: Sat, 25 Sep 1999 17:32:44
> > > Message-Id: <[EMAIL PROTECTED]>
> > > Reply-To: [EMAIL PROTECTED]
> > > Mime-Version: 1.0
> > > Content-Type: text/html; charset="us-ascii"
> > >
> > >
> > > <html>
> > > <HEAD>
> > >
> > > <HEAD>
> > > <TITLE>(Type a title for your page here)</TITLE>
> > >
> > > </HEAD>
> > >
> > > <BODY BACKGROUND="" BGCOLOR="#000000" TEXT="white" LINK="red" VLINK=""
> > > ALINK="#ff0000">
> > >
> > > <A HREF="http://3470651298/barney/"><FONT SIZE="+2">Click Here</FONT>>
> > > <B><A HREF="http://3470651298/barney/"><FONT SIZE="+1" color="cyan">Hi
> > > There...My names is Amber. My girlfriends Elaine and Louise came over
> > > this
> > > past weekend with their new digital camera, and after a little wine, and a
> > > lot
> > > of foolin' around, we got a little crazy...Anyways, now that the pictures
> > > are
> > > taken, we might as well show them to SOMEONE, so how about
> > > you?</FONT></a></B><BR>
> > > <A HREF="http://3470651298/barney/"><FONT SIZE="+2">Click Here</FONT>
> > >
> > > </BODY>
> > > </html>
> > >
> > >
> > >
> > >
> >
> >
>
>
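The quoted bounce arrives with `Return-Path: <>`, so an envelope-sender rule such as badmailfrom has nothing to match, and the AOL relay IPs rotate. As an added example (not part of the original thread), this sketch classifies a bounce by checking whether the returned copy of the original message ever passed through the site's own MX; the function names and the sample DSN are constructed for illustration.

```python
import email
import re

OUR_MX = {"200.41.130.3", "ferro.ba.net"}   # the MX named in the thread

def make_bounce(orig_received):
    """Constructed sample DSN shaped like the AOL bounce quoted above."""
    return ("""Return-Path: <>
Received: from aolmbd02.mx.aol.com (205.188.156.76)
 by ferro.ba.net with SMTP; 25 Sep 1999 19:41:56 -0000
Content-Type: multipart/report; report-type=delivery-status;
 boundary="B1"

--B1
Content-Type: message/delivery-status

Reporting-MTA: dns; rly-yc05.mx.aol.com

--B1
Content-Type: message/rfc822

Received: %s
From: <placeholder@ba.net>
Subject: Re: Hey man

(body)
--B1--
""" % orig_received).encode()

def relay_hops(msg):
    """Peer IPs and 'by' hostnames recorded in the Received chain.
    The HELO name after 'from' is ignored: the sender chooses it."""
    hops = set()
    for h in msg.get_all("Received", []):
        hops.update(re.findall(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]", h))
        hops.update(x.lower() for x in re.findall(r"\bby\s+([\w.-]+)", h))
    return hops

def classify(raw):
    msg = email.message_from_bytes(raw)
    if (msg.get("Return-Path", "").strip() != "<>"
            or msg.get_content_type() != "multipart/report"):
        return "not-a-bounce"
    for part in msg.walk():
        if part.get_content_type() == "message/rfc822":
            original = part.get_payload(0)   # the returned original message
            return "genuine" if relay_hops(original) & OUR_MX else "backscatter"
    return "unverifiable"   # bounce carries no copy of the original
```

Received lines inside the returned copy are written by whoever sent the original, so a "genuine" result is a hint, not proof; "backscatter" results are the ones safe to divert or drop.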