NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Postfix Discussion> 2008-01

Re: being mailbombed..or something

From: Matthias Schmidt (betaadmilon.net)
Date: Tue Jan 01 2008 - 19:58:42 CST

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Am/On Tue, 1 Jan 2008 20:45:37 -0500 schrieb/wrote Terry Carmen:

>
>>>> 1 merloptlqsixcompanies.com (<>)
>>>> 1 Mikhail-Rowensixcompanies.com (<>)
>>>> 1 Miu_Connollysixcompanies.com (<>)
>>>> 1 Natorywasixcompanies.com (<>)
>>>> (tons and tons of these)
>>>>
>>> Backscatter. Joe-job.
>>>
>>
>> I don't think so.
>> imho it is a bot-net spam-attack.
>>
>Bots are pretty easy to kill. You can refuse to talk to them by matching
>their reverse DNS against a regular expression.
>
>This has also been a huge help.
>
>There's just no reason to accept mail from a Dynamic IP or an IP with no
>reverse DNS, so blocking them cuts WAY down on bots. I can't take credit
>for the list. Most of it was written by someone else (sorry, don't
>remember who). I added the last handful of entries.
>
>Save the text below as spam_ip_regex, and add:
>
>check_client_access regexp:/etc/postfix/spam_ip_regex
>
>and
>
>reject_unknown_reverse_client_hostname
>
>to your smtpd_client_restrictions section.
>
>Postfix can handle a ton of traffic when all it has to do is reject. 8-)
>
>Terry
>
>
>
>####################################################33
>/^dsl.*\..*\..*/i 553 AUTO_DSL Email Rejected.
>/[ax]dsl.*\..*\..*/i 553 AUTO_XDSL Email Rejected.
>/client.*\..*\..*/i 553 AUTO_CLIENT Email Rejected.
>/cable.*\..*\..*/i 553 AUTO_CABLE Email Rejected.
>/dial.*\..*\..*/i 553 AUTO_DIAL Email Rejected.
>/.*dial[\-]*in.*/i 553 AUTO_DIAL2 Email Rejected.
>/ppp.*\..*\..*/i 553 AUTO_PPP Email Rejected.
>/dslam.*\..*\..*/i 553 AUTO_DSLAM Email Rejected.
>/node.*\..*\..*/i 553 AUTO_NODE Email Rejected.
>/.*dial-up.*/i 553 AUTO_DIAL_UP_ID_PATTERN
>Email Rejected.
>/.*\.dhcp.*/i 553 AUTO_DHCP_ID_PATTERN Email
>Rejected.
>/.*[0-9]+[\.-][0-9]+[\.-][0-9]+[\.-][0-9]+[\.-]+.*/i 553
>AUTO_DYNAMIC_ID_PATTERN_DOT_DASH Email Rejected.
>/.*[0-9]+[\.-]net[\.-][0-9]+[\.-][0-9]+[\.-][0-9]+[\.-]+.*/i 553
>AUTO_DYNAMIC_ID_PATTERN_DOT_DASH_NET Email Rejected.
>/.*[0-9]+-[0-9]+-[0-9]+-[0-9]+\..*/i 553
>AUTO_DYNAMIC_ID_PATTERN_DASHES Email Rejected.
>/.*internetdsl.tpnet.pl/i 553 AUTO_PL_DSL_PATTERN
>Email Rejected.
>/.*\.cable.net.co\..*/i 553 AUTO_CABLE_DOT_NET
>Email Rejected.
>/.*dynamic.*/i 553 AUTO_DYNAMIC_PATTERN
>Email Rejected.
>/.*ppp.*/i 553 AUTO_PPP_PATTERN Email Rejected.
>/.*user.*/i 553 AUTO_USER_PATTERN Email
>Rejected.
>

with these rules you might also reject legal eMails from servers running
via dyndns, or?

Thanks and all the best

Matthias

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]