Gentoo Forums
[resolved] Blocking Postfix Spam Bombs?
jlward4th
Tux's lil' helper


Joined: 07 Jan 2003
Posts: 83

Posted: Wed Dec 19, 2007 5:28 pm    Post subject: [resolved] Blocking Postfix Spam Bombs?

I've been getting hit by some crazy distributed spam bombs for a few days now. The attacks come from thousands of different hosts and try to phish for email addresses. Here is one rejected attempt:
Code:
Dec 19 09:21:23 temple postfix/smtpd[16631]: NOQUEUE: reject: RCPT from mail.wocken.com[62.225.141.131]: 450 4.1.1 <donaldpiggishanderson@jamesward.org>: Recipient address rejected: User unknown in virtual mailbox table; from=<webmaster@mail.wocken.com> to=<donaldpiggishanderson@jamesward.org> proto=ESMTP helo=<mail.wocken.com>


Since these attacks are coming from many different hosts I can't easily just block hosts. Is there any easy way to stop these attacks with Postfix? I already have the following setting in Postfix:
Code:
unknown_local_recipient_reject_code = 550


Thanks in advance.


Last edited by jlward4th on Mon Dec 24, 2007 12:06 am; edited 1 time in total
eccerr0r
Watchman


Joined: 01 Jul 2004
Posts: 9679
Location: almost Mile High in the USA

Posted: Wed Dec 19, 2007 6:05 pm

You could just grep all those away, or disable mail completely? (obviously with the side effect of not receiving any more legitimate mail.)

Really no matter what you do, you'll still get some sort of connection from the spam source host. As soon as it reveals it's trying to send to a nonexistent address, then you get the log, then it will finally disconnect...
_________________
Intel Core i7 2700K/Radeon R7 250/24GB DDR3/256GB SSD
What am I supposed watching?
kashani
Advocate


Joined: 02 Sep 2002
Posts: 2032
Location: San Francisco

Posted: Wed Dec 19, 2007 6:26 pm

It's more likely that someone has been using your domain as their from: address. What you're seeing is bounces from legitimate mail servers to the randomly generated from addresses at your domain. At least that's what I usually see under the same conditions. Unfortunately there is no decent way to deal with this.

kashani
_________________
Will personally fix your server in exchange for motorcycle related shop tools in good shape.
eccerr0r
Watchman


Joined: 01 Jul 2004
Posts: 9679
Location: almost Mile High in the USA

Posted: Wed Dec 19, 2007 11:28 pm

Sorry to have to say this but

"Welcome to the realities of the real world."

I get so much crap over the internet, all I can do is ignore them as much as I can. I get so much junk spam scatterbacks, ftp warez server searches, ssh attempts, phpbb spam posters, ugh...

The spam scatterbacks I can't do much about but eat them.
ssh attempts - if it's random, same thing, have to eat, else I do have something like fail2ban.
ftp searches - well I disabled ftpd, problem solved.
phpbb spam posters, well this one I hacked up a solution that has seemed to work - those OCR bots seem to now have some trouble decoding my captchas. No more spam registrations! woohoo!
_________________
Intel Core i7 2700K/Radeon R7 250/24GB DDR3/256GB SSD
What am I supposed watching?
linuxpyro
Apprentice


Joined: 08 Sep 2004
Posts: 255

Posted: Thu Dec 20, 2007 1:12 am

For spam, I've found greylisting to be very effective. Check it out on the wiki:
http://gentoo-wiki.com/HOWTO_Setup_a_Virtual_Postfix/Courier_Mail_System_with_PostfixAdmin#Sqlgrey
jlward4th
Tux's lil' helper


Joined: 07 Jan 2003
Posts: 83

Posted: Mon Dec 24, 2007 12:08 am

I've found a few things helpful in resolving this:

http://systembash.com/content/450-vs-550-smtp-errors/
http://en.wikipedia.org/wiki/Joe_job

And thanks to everyone who responded and helped me figure out better ways to resolve this.
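
The log triage this thread circles around (450 vs. 550 rejects, many source hosts, bounces to forged senders), as an added example that is not part of any post above: a Python script that summarizes unknown-recipient rejects in the log format quoted in the first post. The sample lines, hostnames and addresses are constructed, and treating a null envelope sender as "bounce" is a heuristic.

```python
import re
from collections import Counter

# Constructed sample lines in the format of the reject quoted in the thread;
# hosts and addresses are made up (documentation ranges), not observations.
SAMPLE_LOG = """\
Dec 19 09:21:23 mx postfix/smtpd[16631]: NOQUEUE: reject: RCPT from a.example.net[192.0.2.10]: 450 4.1.1 <donald1@example.org>: Recipient address rejected: User unknown in virtual mailbox table; from=<webmaster@a.example.net> to=<donald1@example.org> proto=ESMTP helo=<a.example.net>
Dec 19 09:36:23 mx postfix/smtpd[16633]: NOQUEUE: reject: RCPT from a.example.net[192.0.2.10]: 450 4.1.1 <donald1@example.org>: Recipient address rejected: User unknown in virtual mailbox table; from=<webmaster@a.example.net> to=<donald1@example.org> proto=ESMTP helo=<a.example.net>
Dec 19 09:37:01 mx postfix/smtpd[16634]: NOQUEUE: reject: RCPT from b.example.net[198.51.100.7]: 450 4.1.1 <kx93@example.org>: Recipient address rejected: User unknown in virtual mailbox table; from=<> to=<kx93@example.org> proto=ESMTP helo=<b.example.net>
Dec 19 09:38:12 mx postfix/smtpd[16635]: NOQUEUE: reject: RCPT from c.example.net[203.0.113.5]: 550 5.1.1 <zz1@example.org>: Recipient address rejected: User unknown in virtual mailbox table; from=<> to=<zz1@example.org> proto=ESMTP helo=<c.example.net>
Dec 19 09:40:00 mx postfix/smtpd[16640]: connect from d.example.net[203.0.113.9]
"""

REJECT = re.compile(
    r"NOQUEUE: reject: RCPT from (?P<host>\S+)\[(?P<ip>[^\]]+)\]: "
    r"(?P<code>[45]\d\d) .*?Recipient address rejected: User unknown.*?"
    r"from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)>"
)

def summarize(lines):
    """Summarize unknown-recipient rejects from Postfix smtpd log lines."""
    stats = Counter(total=0, temporary=0, permanent=0, null_sender=0)
    pairs = Counter()  # (client ip, recipient) -> number of attempts
    ips, rcpts = set(), set()
    for line in lines:
        m = REJECT.search(line)
        if not m:
            continue
        stats["total"] += 1
        # 4xx is a temporary failure: a compliant sender queues and retries.
        # 5xx is permanent: the sender stops trying this recipient.
        stats["temporary" if m["code"].startswith("4") else "permanent"] += 1
        # Bounce messages (DSNs) use the null envelope sender "<>" (RFC 5321).
        if m["sender"] == "":
            stats["null_sender"] += 1
        ips.add(m["ip"])
        rcpts.add(m["rcpt"].lower())
        pairs[(m["ip"], m["rcpt"].lower())] += 1
    stats["distinct_ips"] = len(ips)
    stats["distinct_recipients"] = len(rcpts)
    # Repeat attempts for the same client/recipient pair count as retries.
    stats["retries"] = sum(n - 1 for n in pairs.values())
    return dict(stats)

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG.splitlines()))
```

A large `null_sender` share is consistent with bounces to forged senders, while a high `retries` count shows how much of the log volume comes from answering unknown recipients with a 4xx code.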