On Tue, 22 Jul 2003 17:49:55 +0200 Tony Earnshaw <[EMAIL PROTECTED]> wrote:

> Luis Hernán Otegui wrote:
> 
> > Hi, folks, between yesterday and today I've been suffering DOS attacks 
> > using messages like the one I've attached.
> > Many times I've received messages of this style, but they were 
> > merely "decoys" sent by the spammers to see if the destination address 
> > was real and working. But since yesterday, the number of these messages 
> > scaled to 300 and up an hour!
> 
> Don't know what alternativagratis.com has to do with you (perhaps it's 
> your true love with a sense of humor), but if you don't normally have 
> anything to do with it:
> 
> In local.cf:
> 
> header ALTERNATIVAGRATIS  Received =~ /\.alternativagratis\.com/
> describe ALTERNATIVAGRATIS My girl friend with the sense of humor
> score ALTERNATIVAGRATIS   100
> 
> On the other hand, it could be that it comes from different sources 
> (Received) the whole time. Then the above is useless.

Otherwise, consider handling it further upstream:

ipchains -A input -i eth0 -s 64.116.231.0/24 -j DENY -l

iptables or ipfw equivalents shouldn't be too hard to derive; you may
want to change DENY to REJECT.

See also http://openrbl.org/ip/64/116/231/110.htm

-- Bob


_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
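
Added example, not part of the original thread: a way to check the caveat raised above (whether the flood really arrives from one netblock) before choosing between the local.cf rule and a firewall block. It assumes the receiving MTA writes the peer address in square brackets in the topmost Received header; the sample messages, mx.example.org and the function names are constructed for illustration.

```python
import email
import ipaddress
import re
from collections import Counter

BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def sample(ip):
    # Constructed message: mx.example.org stands in for the receiving host, and
    # the lower Received line is one the sender could have forged.
    return (f"Received: from host (unknown [{ip}])\n"
            "\tby mx.example.org with SMTP; Tue, 22 Jul 2003 10:00:00 +0200\n"
            "Received: from elsewhere (elsewhere [10.9.8.7])\n"
            "Subject: constructed sample\n\nbody\n")

ONE_SOURCE = [sample(ip) for ip in (
    "64.116.231.110", "64.116.231.12", "64.116.231.200", "64.116.231.110", "192.0.2.7")]
MANY_SOURCES = [sample(ip) for ip in (
    "64.116.231.110", "192.0.2.7", "198.51.100.9", "203.0.113.40")]

def handoff_ip(raw):
    """Peer IP from the topmost Received header, the one our own MTA added."""
    received = email.message_from_string(raw).get_all("Received") or []
    match = BRACKETED_IP.search(received[0]) if received else None
    if match is None:
        return None
    try:
        return ipaddress.ip_address(match.group(1))
    except ValueError:  # bracketed text that is not a valid address
        return None

def tally_by_24(messages):
    """Count messages per /24 of the connecting relay."""
    counts = Counter()
    for raw in messages:
        ip = handoff_ip(raw)
        if ip is not None:
            counts[ipaddress.ip_network(f"{ip}/24", strict=False)] += 1
    return counts

def dominant_block(messages, threshold=0.75):
    """Return the /24 carrying at least `threshold` of the mail, else None."""
    counts = tally_by_24(messages)
    if not counts:
        return None
    net, hits = counts.most_common(1)[0]
    return net if hits / sum(counts.values()) >= threshold else None

if __name__ == "__main__":
    print("one source:  ", dominant_block(ONE_SOURCE))
    print("many sources:", dominant_block(MANY_SOURCES))
```

A result of None means the mail is spread across netblocks, so a single-range firewall rule would miss most of it and a content rule is the better fit.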
