I had something very similar to this a few days ago - the bastard was running through every possible email address: a b c ... z aa ab .. zy zz aaa ... zzz. He was up into low 4-letter combos before I discovered it. Fortunately, though, he was using two IPs that I was able to blackhole. I fear, though, that it may become a regular occurrence - it builds up huge log files in almost no time. Even with plenty of storage, something like this can fill your disk in no time.



At 8:53 PM +0200 8/27/03, alexander wrote:
On 08/27/03 05:52 PM, David sat at the `puter and typed:

Hi gurus,

Sorry if this is a little bit off topic but I'm in deep trouble. I'm
running a Postfix server for a couple of domains with just a few
users.

The setup is pretty secure (I think) and I don't find any evidence
in my logs that I have an open relay. The problem is that I got a
LOT of connections from someone that tries to send e-mail to fake
users at my domain. The logfile grows at rapid speed and I got 180
MB log just for the last 12 hours.

The connections are from random IP-addresses. It's different
addresses and domains each time, but the pattern is the same.
Example 1:

Aug 27 17:54:44 www postfix/smtpd[10056]: 73D9110F26: reject: RCPT
from smtp.terra.es[213.4.129.129]: 550 <[EMAIL PROTECTED]>: User
unknown in virtual alias table; from=<> proto=ESMTP
helo=<tsmtp8.mail.isp>

Example 2:

Aug 27 17:54:42 www postfix/smtpd[10069]: E2D9910F2E: reject: RCPT
from host048021.arnet.net.ar[200.45.48.21]: 550
<[EMAIL PROTECTED]>: User unknown in virtual alias table;
from=<> proto=ESMTP helo=<smtp-mx-02.ti.local>

Any idea how to stop this? The server is behind a firewall, so I
guess it's possible to block this bastard, but I don't know how to
nail him.
TIA, /David



Ok, I know you have directed this query to gurus, but I'm gonna present a suggestion anyway.

I'm not familiar with postfix - I run Sendmail myself and I'm hardly a
guru there either - but can't you require validation to connect to the
server?  All users on my system have to validate before being allowed
to send mail.  Unless I'm mistaken, that prevents outside spammers
from connecting like that and sending mail anywhere, inside or out.

HTH
Lou





-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk


--
Pete `-_-'

You learn to write as if to someone else because NEXT YEAR YOU WILL BE
"SOMEONE ELSE."
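
The log lines quoted in this thread can be tallied per client IP to tell apart the two situations described: a few hosts walking through recipient names, and rejections spread over many hosts with from=<>. The following is an added example, not code from any poster; the sample lines are constructed in the quoted Postfix format, with placeholder addresses and documentation IP ranges, and the threshold of 3 is an assumption.

```python
import re
from collections import defaultdict

# Postfix smtpd "User unknown" RCPT rejection, in the format quoted in this thread.
REJECT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: \w+: reject: RCPT from \S+\[(?P<ip>[0-9a-fA-F.:]+)\]: "
    r"550 <(?P<rcpt>[^>]*)>: User unknown in .*?; from=<(?P<sender>[^>]*)>"
)

def summarize(lines):
    """Per client IP: reject count, distinct unknown recipients, null-sender count."""
    stats = defaultdict(lambda: {"rejects": 0, "rcpts": set(), "null_sender": 0})
    for line in lines:
        m = REJECT_RE.search(line)
        if not m:
            continue  # not a recipient rejection (connect, disconnect, ...)
        entry = stats[m["ip"]]
        entry["rejects"] += 1
        entry["rcpts"].add(m["rcpt"].lower())
        # from=<> is the null envelope sender, which bounce messages use.
        entry["null_sender"] += m["sender"] == ""
    return dict(stats)

def harvest_suspects(stats, min_rcpts=3):
    """Client IPs that tried at least min_rcpts distinct unknown recipients."""
    return sorted(ip for ip, e in stats.items() if len(e["rcpts"]) >= min_rcpts)

def null_sender_share(stats):
    """Fraction of all rejections that carried from=<>."""
    total = sum(e["rejects"] for e in stats.values())
    return sum(e["null_sender"] for e in stats.values()) / total if total else 0.0

def _line(ip, rcpt, sender):
    # Constructed sample line; addresses and IPs are documentation placeholders.
    return (f"Aug 27 17:54:44 www postfix/smtpd[10056]: 73D9110F26: reject: RCPT "
            f"from unknown[{ip}]: 550 <{rcpt}@example.com>: User unknown in virtual "
            f"alias table; from=<{sender}> proto=ESMTP helo=<mail.example.net>")

SAMPLE = [_line("192.0.2.10", r, "probe@example.net") for r in ("a", "b", "c", "aa")]
SAMPLE += [_line("198.51.100.7", "bob", ""), _line("203.0.113.9", "sue", ""),
           "Aug 27 17:54:46 www postfix/smtpd[10070]: connect from unknown[192.0.2.10]"]

if __name__ == "__main__":
    stats = summarize(SAMPLE)
    print("many unknown recipients from one IP:", harvest_suspects(stats))
    print("null-sender share of rejects: %.2f" % null_sender_share(stats))
```

A short suspect list is the case where blocking source IPs works; a high null-sender share spread across many hosts points to bounce traffic, which per-IP blocking does not address.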

