Hello group:
Need some collective help here on a mail system hacker issue I've been having.
First, the IP address on my system he's coming in on is 44.2.14.1
This person is dumping thousands of random emails into my system and some
of them will match BBS AREA patterns and get forwarded out to my forward
partners.
At first, I set up a log book scan script to look for bad logins, and then
ban the IP address, but then I found out that since my 44.2.14.1 ip address
goes "around" my firewall via UCSD, the block rules literally have zero effect.
I found a common "from" (online...@....) line in his emails, so in my
"rewrite" file I used this command "onl*@* | *@* refuse" but that also had
zero effect.
Then I tried telling JNOS "stop smtp" and "stop pop3" and that had
zero effect.
JNOS's email system uses very old RFC rules, and none of the modern RFC
rules, so it's easy for this hacker to login to my JNOS mail server and
dump this junk. Luckily most get held, but as stated, a few match forward
patterns, so they slip through.
Right now I've completely taken my JNOS off-line until a fix can be found.
Anyone have some suggestions on blocking smtp and pop3 when my 44.2.14.1
address is live to the global net?
Any advice is appreciated in advance.
Thanks
Bill
KG6BAJ
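Added example (not from Bill's post, and not JNOS code): a log-scan script of the kind described above, written so the block rule is applied on the host where the 44-net traffic is actually delivered instead of on the perimeter firewall. The log line format, the sample lines, the source addresses (192.0.2.x / 198.51.100.x / 203.0.113.x, documentation ranges) and the `tunl0` interface name are all assumptions constructed for this example; JNOS's real log lines will need a different LINE_RE. The reasoning behind the placement, also an assumption, is that the perimeter firewall only sees the outer IPIP packets from the UCSD gateway, not the inner 44.x source addresses, unless it inspects inside the tunnel, so a rule on the tunnel endpoint (or on the Linux box running the mail server) is what takes effect.

```python
"""Scan a mail-server login log for brute-force sources and emit host-level
block rules.  Log format below is a CONSTRUCTED placeholder, not JNOS's."""
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (assumed format: "<date> <time> <service> <src-ip> <result>").
SAMPLE_LOG = """\
2024-01-05 10:00:01 smtp 192.0.2.7 login-failed
2024-01-05 10:00:04 smtp 192.0.2.7 login-failed
2024-01-05 10:00:09 pop3 192.0.2.7 login-failed
2024-01-05 10:00:15 smtp 192.0.2.7 login-failed
2024-01-05 10:01:02 smtp 192.0.2.7 login-failed
2024-01-05 10:02:40 smtp 192.0.2.7 login-failed
2024-01-05 10:05:00 pop3 198.51.100.9 login-failed
2024-01-05 10:06:00 pop3 198.51.100.9 login-ok
2024-01-05 09:00:00 smtp 203.0.113.5 login-failed
2024-01-05 09:25:00 smtp 203.0.113.5 login-failed
2024-01-05 09:50:00 smtp 203.0.113.5 login-failed
2024-01-05 10:15:00 smtp 203.0.113.5 login-failed
2024-01-05 10:40:00 smtp 203.0.113.5 login-failed
2024-01-05 11:05:00 smtp 203.0.113.5 login-failed
2024-01-05 10:30:00 pop3 44.2.14.1 login-failed
2024-01-05 10:30:05 pop3 44.2.14.1 login-failed
2024-01-05 10:30:10 pop3 44.2.14.1 login-failed
2024-01-05 10:30:15 pop3 44.2.14.1 login-failed
2024-01-05 10:30:20 pop3 44.2.14.1 login-failed
this line does not match the assumed format and is skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<svc>smtp|pop3) (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) (?P<result>\S+)$"
)


def parse_failures(text):
    """Yield (timestamp, service, ip) for every failed-login line; ignore the rest."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group("result") != "login-failed":
            continue
        ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S")
        yield ts, m.group("svc"), m.group("ip")


def find_offenders(text, threshold=5, window=timedelta(minutes=10), allowlist=()):
    """Return {ip: peak failures inside any `window`} for IPs at or over `threshold`.

    A slow trickle (one failure every 25 minutes) never reaches the threshold.
    Addresses inside `allowlist` (IPs or CIDRs) are never reported, so a local
    operator fat-fingering a password cannot get their own 44 address blocked.
    """
    allow = [ipaddress.ip_network(a) for a in allowlist]
    per_ip = defaultdict(list)
    for ts, _svc, ip in parse_failures(text):
        per_ip[ip].append(ts)

    offenders = {}
    for ip, stamps in per_ip.items():
        if any(ipaddress.ip_address(ip) in net for net in allow):
            continue
        stamps.sort()
        peak, j = 0, 0
        for i in range(len(stamps)):          # sliding window over sorted timestamps
            while j < len(stamps) and stamps[j] - stamps[i] <= window:
                j += 1
            peak = max(peak, j - i)
        if peak >= threshold:
            offenders[ip] = peak
    return offenders


def block_rules(offenders, iface="tunl0", ports="25,110"):
    """Build iptables rules for the host that terminates the 44-net tunnel.

    `tunl0` is an ASSUMED name for the IPIP tunnel interface on a Linux box;
    drop the `-i` match if the mail server itself is the host running these.
    """
    return [
        f"iptables -I INPUT -i {iface} -s {ip} -p tcp -m multiport --dports {ports} -j DROP"
        for ip in sorted(offenders)
    ]


if __name__ == "__main__":
    bad = find_offenders(SAMPLE_LOG, allowlist=["44.2.14.1"])
    for ip, n in sorted(bad.items()):
        print(f"{ip}: {n} failed logins inside the window")
    print("\n".join(block_rules(bad)))
```

Run it against the constructed log and only 192.0.2.7 is reported: 198.51.100.9 failed once, 203.0.113.5 spread its six failures 25 minutes apart, and 44.2.14.1 is skipped by the allowlist. Feed the printed rules to the box the UCSD tunnel lands on, or to the mail server host itself, rather than to the perimeter firewall, which (by the assumption above) never sees the inner 44.x addresses.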