OSEC

Re: being mailbombed..or something

From: Terry Carmen (terrycnysupport.com)
Date: Tue Jan 01 2008 - 19:45:37 CST


>>> 1 merloptlqsixcompanies.com (<>)
>>> 1 Mikhail-Rowensixcompanies.com (<>)
>>> 1 Miu_Connollysixcompanies.com (<>)
>>> 1 Natorywasixcompanies.com (<>)
>>> (tons and tons of these)
>>>
>> Backscatter. Joe-job.
>>
>
> I don't think so.
> imho it is a bot-net spam-attack.
>
Bots are pretty easy to kill. You can refuse to talk to them by matching
their reverse DNS against a regular expression.

This has also been a huge help.

There's just no reason to accept mail from a Dynamic IP or an IP with no
reverse DNS, so blocking them cuts WAY down on bots. I can't take credit
for the list. Most of it was written by someone else (sorry, don't
remember who). I added the last handful of entries.

Save the text below as spam_ip_regex, and add:

check_client_access regexp:/etc/postfix/spam_ip_regex

and

reject_unknown_reverse_client_hostname

to your smtpd_client_restrictions section.

Postfix can handle a ton of traffic when all it has to do is reject. 8-)

Terry

####################################################33
/^dsl.*\..*\..*/i 553 AUTO_DSL Email Rejected.
/[ax]dsl.*\..*\..*/i 553 AUTO_XDSL Email Rejected.
/client.*\..*\..*/i 553 AUTO_CLIENT Email Rejected.
/cable.*\..*\..*/i 553 AUTO_CABLE Email Rejected.
/dial.*\..*\..*/i 553 AUTO_DIAL Email Rejected.
/.*dial[\-]*in.*/i 553 AUTO_DIAL2 Email Rejected.
/ppp.*\..*\..*/i 553 AUTO_PPP Email Rejected.
/dslam.*\..*\..*/i 553 AUTO_DSLAM Email Rejected.
/node.*\..*\..*/i 553 AUTO_NODE Email Rejected.
/.*dial-up.*/i 553 AUTO_DIAL_UP_ID_PATTERN Email Rejected.
/.*\.dhcp.*/i 553 AUTO_DHCP_ID_PATTERN Email Rejected.
/.*[0-9]+[\.-][0-9]+[\.-][0-9]+[\.-][0-9]+[\.-]+.*/i 553 AUTO_DYNAMIC_ID_PATTERN_DOT_DASH Email Rejected.
/.*[0-9]+[\.-]net[\.-][0-9]+[\.-][0-9]+[\.-][0-9]+[\.-]+.*/i 553 AUTO_DYNAMIC_ID_PATTERN_DOT_DASH_NET Email Rejected.
/.*[0-9]+-[0-9]+-[0-9]+-[0-9]+\..*/i 553 AUTO_DYNAMIC_ID_PATTERN_DASHES Email Rejected.
/.*internetdsl.tpnet.pl/i 553 AUTO_PL_DSL_PATTERN Email Rejected.
/.*\.cable.net.co\..*/i 553 AUTO_CABLE_DOT_NET Email Rejected.
/.*dynamic.*/i 553 AUTO_DYNAMIC_PATTERN Email Rejected.
/.*ppp.*/i 553 AUTO_PPP_PATTERN Email Rejected.
/.*user.*/i 553 AUTO_USER_PATTERN Email Rejected.
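
An added example (not part of the original message) for dry-running a table like the one above against hostnames before deploying it, so over-broad rules such as /.*user.*/ show up first. Assumptions: Python's re module stands in for Postfix's POSIX regex engine, the helper names load_table and lookup are hypothetical, and the sample hostnames are constructed.

```python
import re

# Four entries copied from the table above (unwrapped, one rule per line).
TABLE = r"""
/^dsl.*\..*\..*/i 553 AUTO_DSL Email Rejected.
/.*[0-9]+-[0-9]+-[0-9]+-[0-9]+\..*/i 553 AUTO_DYNAMIC_ID_PATTERN_DASHES Email Rejected.
/.*dynamic.*/i 553 AUTO_DYNAMIC_PATTERN Email Rejected.
/.*user.*/i 553 AUTO_USER_PATTERN Email Rejected.
"""

ENTRY = re.compile(r"^/(.*)/([a-z]*)\s+(\S.*)$")

def load_table(text):
    """Parse '/pattern/flags action' lines into (compiled_regex, action) pairs."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = ENTRY.match(line)
        if m is None:
            # A mail-wrapped fragment such as "Email Rejected." ends up here.
            raise ValueError(f"not a /pattern/flags action entry: {line!r}")
        pattern, flags, action = m.groups()
        # regexp_table(5): matching is case-insensitive by default and each
        # "i" flag toggles that, so "/.../i" is matched case-sensitively.
        ignore_case = flags.count("i") % 2 == 0
        rules.append((re.compile(pattern, re.I if ignore_case else 0), action))
    return rules

def lookup(rules, client_name):
    """Return the action of the first matching rule, or None (no decision)."""
    for regex, action in rules:
        if regex.search(client_name):   # unanchored unless the rule uses ^ or $
            return action
    return None

# Constructed hostnames, not taken from any real log.
SAMPLES = [
    "dsl-189-12-34-56.example.net",
    "host-10-20-30-40.example.net",
    "mail.example.org",
    "mail.superuser.example",   # a static mail host caught by /.*user.*/
]

if __name__ == "__main__":
    rules = load_table(TABLE)
    for name in SAMPLES:
        print(f"{name:32} -> {lookup(rules, name) or 'no match'}")
```

On a live system, postmap -q <hostname> regexp:/etc/postfix/spam_ip_regex answers the same question using Postfix's own regex engine.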