From: Franky Van Liedekerke (liedekefpandora.be)
Date: Sun Mar 03 2002 - 12:36:21 CST

    Postfix always allows the connections before any rules are checked, so it will be very difficult to get these entries *not* in the log. What you *can* do - if you're using Linux - is use iptables/ipchains to disallow access from these IPs (or ranges) for a specific amount of time. A small script can do this for you ... or if you prefer a graphical firewall solution you can look at www.fwbuilder.org, which is very easy to install and use...

    Franky

    On Sun, 3 Mar 2002 19:16:26 +0100
    Julien Beauviala <eimsaaton.com> wrote:

    > Bonsoir, hopefully a simple question. I'm having a bit of trouble with
    > "the spam that wouldn't take no for an answer". I've run out of ideas
    > on the postfix side of things to make this guy stop polluting the logs.
    > Is there a way to block this at a higher level *within postfix*, as in
    > "don't listen to that bunch of ips for about a week" ?
    >
    > Here is what I get. The mail is first blocked using the
    > smtpd_client_restrictions mechanism (it would have been blocked
    > further down by a header_checks anyway, trying to spare resources).
    >
    > Mar 3 17:07:53 mail postfix/smtpd[21186]: 6FAC25915: client=omr-r05.mx.aol.com[152.163.225.133]
    > Mar 3 17:07:53 mail postfix/smtpd[21186]: reject: RCPT from omr-r05.mx.aol.com[152.163.225.133]: 554<omr-r05.mx.aol.com[152.163.225.133]>: Client host rejected: Access denied; from=<> to=<julienagrenoble.net>
    > Mar 3 17:08:02 mail postfix/smtpd[21610]: connect from omr-d01.mx.aol.com[205.188.156.75]
    > Mar 3 17:08:02 mail postfix/smtpd[21610]: 8F52D5914: client=omr-d01.mx.aol.com[205.188.156.75]
    > Mar 3 17:08:02 mail postfix/smtpd[21610]: reject: RCPT from omr-d01.mx.aol.com[205.188.156.75]: 554<omr-d01.mx.aol.com[205.188.156.75]>: Client host rejected: Access denied; from=<> to=<julienagrenoble.net>
    > Mar 3 17:08:03 mail postfix/smtpd[21186]: disconnect from omr-r05.mx.aol.com[152.163.225.133]
    > Mar 3 17:08:13 mail postfix/smtpd[21186]: connect from omr-d11.mx.aol.com[205.188.156.79]
    > Mar 3 17:08:14 mail postfix/smtpd[21186]: 4646A5914: client=omr-d11.mx.aol.com[205.188.156.79]
    > Mar 3 17:08:14 mail postfix/smtpd[21186]: reject: RCPT from omr-d11.mx.aol.com[205.188.156.79]: 554<omr-d11.mx.aol.com[205.188.156.79]>: Client host rejected: Access denied; from=<> to=<julienagrenoble.net>
    > Mar 3 17:08:17 mail postfix/smtpd[21674]: disconnect from omr-d11.mx.aol.com[205.188.156.79]
    > Mar 3 17:08:19 mail postfix/smtpd[21616]: lost connection after RSET from omr-d05.mx.aol.com[205.188.156.66]
    > Mar 3 17:08:19 mail postfix/smtpd[21616]: disconnect from omr-d05.mx.aol.com[205.188.156.66]
    > Mar 3 17:08:19 mail postfix/smtpd[21186]: disconnect from omr-d11.mx.aol.com[205.188.156.79]
    >
    > [etc]
    >
    > Any ideas ? j.
    > -
    > To unsubscribe, send mail to majordomopostfix.org with content
    > (not subject): unsubscribe postfix-users
    >
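One way to write the "small script" the reply mentions, as an added example that is not part of the original thread: it counts "Client host rejected" lines per client IP and prints a temporary iptables block for each repeat offender. The function names, the threshold of 2, the 7-day lifetime (the "about a week" from the question), the use of at(1) for expiry, and the sample log lines are all assumptions made for illustration.

```shell
#!/bin/sh
# Dry run: prints firewall commands for review instead of executing them.
THRESHOLD="${THRESHOLD:-2}"       # rejects per IP before blocking (assumed value)
BLOCK_FOR="${BLOCK_FOR:-7 days}"  # block lifetime in at(1) syntax (assumed value)

# Constructed sample input in the syslog format quoted in the thread
# (documentation addresses, not real hosts).
sample_log() {
cat <<'EOF'
Mar 3 17:07:53 mail postfix/smtpd[101]: connect from a.example[192.0.2.10]
Mar 3 17:07:53 mail postfix/smtpd[101]: reject: RCPT from a.example[192.0.2.10]: 554 <a.example[192.0.2.10]>: Client host rejected: Access denied; from=<> to=<user@example.net>
Mar 3 17:08:02 mail postfix/smtpd[102]: reject: RCPT from a.example[192.0.2.10]: 554 <a.example[192.0.2.10]>: Client host rejected: Access denied; from=<> to=<user@example.net>
Mar 3 17:08:03 mail postfix/smtpd[101]: disconnect from a.example[192.0.2.10]
Mar 3 17:08:14 mail postfix/smtpd[103]: reject: RCPT from a.example[192.0.2.10]: 554 <a.example[192.0.2.10]>: Client host rejected: Access denied; from=<> to=<user@example.net>
Mar 3 17:08:19 mail postfix/smtpd[104]: reject: RCPT from b.example[198.51.100.7]: 554 <b.example[198.51.100.7]>: Client host rejected: Access denied; from=<> to=<user@example.net>
EOF
}

# Read a Postfix log on stdin; print "count ip" for each client with at least
# $1 "Client host rejected" lines. Only the bracketed address is captured and
# it must consist of digits and dots (IPv4 only): the hostname comes from DNS,
# which the sender controls, so it never reaches the firewall command.
rejected_ips() {
    sed -n 's/.*reject: RCPT from [^[]*\[\([0-9.]*\)]:.*Client host rejected.*/\1/p' |
        sort | uniq -c | awk -v min="$1" '$1 >= min { print $1, $2 }'
}

# Turn "count ip" lines into a DROP rule for SMTP plus an at(1) job that
# deletes the same rule once BLOCK_FOR has passed.
block_cmds() {
    while read -r count ip; do
        echo "iptables -I INPUT -s $ip -p tcp --dport 25 -j DROP  # $count rejects"
        echo "echo 'iptables -D INPUT -s $ip -p tcp --dport 25 -j DROP' | at now + $BLOCK_FOR"
    done
}

sample_log | rejected_ips "$THRESHOLD" | block_cmds
```

Once the printed list looks right, feed the real mail log to `rejected_ips` in place of `sample_log` and pipe the output to `sh` as root to apply it.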