Roman Gelfand wrote:
This is excellent. If you have other non-content spam filtering
suggestion, I would greatly appreciate it.
You post in HTML, and you top-post. Please observe list
etiquette if you want further answers.
As someone else already pointed out, the client also used a
unqual
This is excellent. If you have other non-content spam filtering suggestion,
I would greatly appreciate it.
On Wed, Jul 29, 2009 at 9:23 PM, Noel Jones wrote:
> Roman Gelfand wrote:
>
>> It looks like somebody is trying to figure out my internal users as
>> evidenced by log excerpts below. Is t
> Apart from the IPTables a more autonomous fix could be done with the
> (improper ?) use of Anvil. Any more than X connections in a couple of
> minutes and goodnight sweetheart.
This is generally strongly advised against. anvil is a DoS-protection
mechanism, not a rate-limit tool - it exists to h
On Thu, 2009-07-30 at 08:59 +0200, Ralf Hildebrandt wrote:
> * Evan Platt :
> > At 03:59 PM 7/29/2009, you wrote:
> > >It looks like somebody is trying to figure out my internal users as
> > >evidenced by log excerpts below. Is there something I could do to, if
> > >not prevent this, reduce it?
>
* Evan Platt :
> At 03:59 PM 7/29/2009, you wrote:
> >It looks like somebody is trying to figure out my internal users as
> >evidenced by log excerpts below. Is there something I could do to, if
> >not prevent this, reduce it?
>
> If you're seeing a lot of attempts, I say just block them in your
On Thu, July 30, 2009 00:59, Roman Gelfand wrote:
> It looks like somebody is trying to figure out my internal users as
> evidenced by log excerpts below. Is there something I could do to, if
> not prevent this, reduce it?
reject more helo ?
the shown logs was all not fqdn helo
--
xpoint
Roman Gelfand wrote:
It looks like somebody is trying to figure out my internal users as
evidenced by log excerpts below. Is there something I could do to, if
not prevent this, reduce it?
Thanks in advance
Jul 29 15:00:14 mail postfix/smtpd[2448]: NOQUEUE: reject: RCPT from
unknown[93.85.224.1
Roman Gelfand wrote:
> Should I block 1 address or subnet?
>
I'd start with just the IP, personally.
~Seth
Should I block 1 address or subnet?
On Wed, Jul 29, 2009 at 7:05 PM, Seth Mattinen wrote:
> Roman Gelfand wrote:
> > It looks like somebody is trying to figure out my internal users as
> > evidenced by log excerpts below. Is there something I could do to, if
> > not prevent this, reduce it?
> >
Roman Gelfand wrote:
> It looks like somebody is trying to figure out my internal users as
> evidenced by log excerpts below. Is there something I could do to, if
> not prevent this, reduce it?
>
You could use fail2ban to look for too many "RCPT from unknown" entries
and block the IP address.
At 03:59 PM 7/29/2009, you wrote:
It looks like somebody is trying to figure out my internal users as
evidenced by log excerpts below. Is there something I could do to, if
not prevent this, reduce it?
If you're seeing a lot of attempts, I say just block them in your firewall...
# whois 93.85
It looks like somebody is trying to figure out my internal users as
evidenced by log excerpts below. Is there something I could do to, if
not prevent this, reduce it?
Thanks in advance
Jul 29 15:00:14 mail postfix/smtpd[2448]: NOQUEUE: reject: RCPT from
unknown[93.85.224.123]: 550 5.1.1
http://g
12 matches
Mail list logo
