Re: being mailbombed..or something

vg_ushotmail.com
Date: Tue Jan 01 2008 - 20:13:27 CST


----- Original Message -----
From: <terry.gilsenaninteroil.com>
Cc: <postfix-userspostfix.org>
Sent: Tuesday, January 01, 2008 9:08 PM
Subject: Re: being mailbombed..or something

> Matthias Schmidt wrote:
>> Am/On Tue, 1 Jan 2008 20:45:37 -0500 schrieb/wrote Terry Carmen:
>>
>>
>>>>>> 1 merloptlqsixcompanies.com (<>)
>>>>>> 1 Mikhail-Rowensixcompanies.com (<>)
>>>>>> 1 Miu_Connollysixcompanies.com (<>)
>>>>>> 1 Natorywasixcompanies.com (<>)
>>>>>> (tons and tons of these)
>>>>>>
>>>>> Backscatter. Joe-job.
>>>>>
>>>> I don't think so.
>>>> imho it is a bot-net spam-attack.
>>>>
>>> Bots are pretty easy to kill. You can refuse to talk to them by matching
>>> their reverse DNS against a regular expression.
>>>
>>> This has also been a huge help.
>>>
>>> There's just no reason to accept mail from a Dynamic IP or an IP with no
>>> reverse DNS, so blocking them cuts WAY down on bots. I can't take credit
>>> for the list. Most of it was written by someone else (sorry, don't
>>> remember who). I added the last handful of entries.
>>>
>>> Save the text below as spam_ip_regex, and add:
>>>
>>> check_client_access regexp:/etc/postfix/spam_ip_regex
>>>
>>> and
>>>
>>> reject_unknown_reverse_client_hostname
>>>
>>> to your smtpd_client_restrictions section.
>>>
>>> Postfix can handle a ton of traffic when all it has to do is reject. 8-)
>>>
>>> Terry
>>>
>>>
>>>
>>> ####################################################33
>>> /^dsl.*\..*\..*/i 553 AUTO_DSL Email Rejected.
>>> /[ax]dsl.*\..*\..*/i 553 AUTO_XDSL Email Rejected.
>>> /client.*\..*\..*/i 553 AUTO_CLIENT Email Rejected.
>>> /cable.*\..*\..*/i 553 AUTO_CABLE Email Rejected.
>>> /dial.*\..*\..*/i 553 AUTO_DIAL Email Rejected.
>>> /.*dial[\-]*in.*/i 553 AUTO_DIAL2 Email Rejected.
>>> /ppp.*\..*\..*/i 553 AUTO_PPP Email Rejected.
>>> /dslam.*\..*\..*/i 553 AUTO_DSLAM Email Rejected.
>>> /node.*\..*\..*/i 553 AUTO_NODE Email Rejected.
>>> /.*dial-up.*/i 553 AUTO_DIAL_UP_ID_PATTERN Email Rejected.
>>> /.*\.dhcp.*/i 553 AUTO_DHCP_ID_PATTERN Email Rejected.
>>> /.*[0-9]+[\.-][0-9]+[\.-][0-9]+[\.-][0-9]+[\.-]+.*/i 553 AUTO_DYNAMIC_ID_PATTERN_DOT_DASH Email Rejected.
>>> /.*[0-9]+[\.-]net[\.-][0-9]+[\.-][0-9]+[\.-][0-9]+[\.-]+.*/i 553 AUTO_DYNAMIC_ID_PATTERN_DOT_DASH_NET Email Rejected.
>>> /.*[0-9]+-[0-9]+-[0-9]+-[0-9]+\..*/i 553 AUTO_DYNAMIC_ID_PATTERN_DASHES Email Rejected.
>>> /.*internetdsl.tpnet.pl/i 553 AUTO_PL_DSL_PATTERN Email Rejected.
>>> /.*\.cable.net.co\..*/i 553 AUTO_CABLE_DOT_NET Email Rejected.
>>> /.*dynamic.*/i 553 AUTO_DYNAMIC_PATTERN Email Rejected.
>>> /.*ppp.*/i 553 AUTO_PPP_PATTERN Email Rejected.
>>> /.*user.*/i 553 AUTO_USER_PATTERN Email Rejected.
>>>
>>>
>>
>>
>> with these rules you might also reject legal eMails from servers running
>> via dyndns, or?
>>
> <snip>
>
> Surely that would depend entirely on the recipient's interpretation of
> "legal eMails", eg: my server, my rules.
>
> I am of the opinion that people on dynamic connections should either be
> relaying emails via their ISP's SmartHost, or connecting to the submission
> port and authenticating (method not discussed here). It's one or the other.
>
> Regards,
> T
>

your server, your rules? say "hi" to aol and hotmail, my friend.

vadim
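
The false-positive question raised in the thread can be checked before a table like the quoted one goes live. The following is an added example, not part of the original messages: it runs the quoted patterns over constructed client hostnames and reports which rule fires first. The `example.*` hostnames and the names `first_match` and `audit` are assumptions made for illustration.

```python
import re

# Rules copied from the table quoted in the thread, in table order (first match wins).
# Postfix's trailing "i" toggles its default case-insensitive matching off, so matching
# here is case-sensitive; Python's re stands in for POSIX regex (assumption).
RULES = [
    (r"^dsl.*\..*\..*", "AUTO_DSL"),
    (r"[ax]dsl.*\..*\..*", "AUTO_XDSL"),
    (r"client.*\..*\..*", "AUTO_CLIENT"),
    (r"cable.*\..*\..*", "AUTO_CABLE"),
    (r"dial.*\..*\..*", "AUTO_DIAL"),
    (r".*dial[\-]*in.*", "AUTO_DIAL2"),
    (r"ppp.*\..*\..*", "AUTO_PPP"),
    (r"dslam.*\..*\..*", "AUTO_DSLAM"),
    (r"node.*\..*\..*", "AUTO_NODE"),
    (r".*dial-up.*", "AUTO_DIAL_UP_ID_PATTERN"),
    (r".*\.dhcp.*", "AUTO_DHCP_ID_PATTERN"),
    (r".*[0-9]+[\.-][0-9]+[\.-][0-9]+[\.-][0-9]+[\.-]+.*", "AUTO_DYNAMIC_ID_PATTERN_DOT_DASH"),
    (r".*[0-9]+[\.-]net[\.-][0-9]+[\.-][0-9]+[\.-][0-9]+[\.-]+.*", "AUTO_DYNAMIC_ID_PATTERN_DOT_DASH_NET"),
    (r".*[0-9]+-[0-9]+-[0-9]+-[0-9]+\..*", "AUTO_DYNAMIC_ID_PATTERN_DASHES"),
    (r".*internetdsl.tpnet.pl", "AUTO_PL_DSL_PATTERN"),
    (r".*\.cable.net.co\..*", "AUTO_CABLE_DOT_NET"),
    (r".*dynamic.*", "AUTO_DYNAMIC_PATTERN"),
    (r".*ppp.*", "AUTO_PPP_PATTERN"),
    (r".*user.*", "AUTO_USER_PATTERN"),
]

# Constructed client hostnames (reverse-DNS names), not taken from real mail logs.
SAMPLES = [
    "dsl-203-0-113-7.pool.example.net",    # dynamic pool
    "198-51-100-23.dynamic.example.net",   # dynamic pool
    "mail.example.org",                    # ordinary MX
    "mx1.usergroup.example.org",           # real MTA, name contains "user"
    "smtp.clientmail.example.com",         # real MTA, name contains "client"
]

def first_match(hostname):
    """Return the tag of the first rule that matches, or None if the table passes it."""
    for pattern, tag in RULES:
        if re.search(pattern, hostname):
            return tag
    return None

def audit(hostnames):
    """Map each hostname to the rule that would reject it (None = not rejected)."""
    return {h: first_match(h) for h in hostnames}

if __name__ == "__main__":
    for host, tag in audit(SAMPLES).items():
        print(f"{host:40} {tag or 'no match'}")
```

On a live server, `postmap -q <hostname> regexp:/etc/postfix/spam_ip_regex` performs the same lookup against the real table.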