Re: [44net] Mail Hacker

What we do is run all inbound and outbound email to/from the Internet through a mail gateway.  Then the gateway can implement all of the modern spam avoidance functions, including even which specific user addresses will be relayed. Michael N6MEF Sent from my Verizon Wireless 4G LTE smartphone -------- Original message -------- From: William Lewis <kg6baj(a)n1oes.org> Date:02/09/2014 11:54 AM (GMT-08:00) To: AMPRNet working group <44net(a)hamradio.ucsd.edu> Subject: [44net] Mail Hacker (Please trim inclusions from previous messages) _______________________________________________ Hello group: Need some collective help here on a mail system hacker issue I've been having. First, the IP address on my system he's coming in on is 44.2.14.1 This person is dumping thousands of random emails into my system and some of them will match BBS AREA patterns and get forwarded out to my forward partners. At first, I set up a log book scan script to look for bad logins, and then ban the IP address, but then I found out that since my 44.2.14.1 ip address goes "around" my firewall via UCSD, the block rules literally have zero effect. I found a common "from" (online...@....) line in his emails, so in my "rewrite" file I used this command "onl*@* | *@*  refuse" but that also had zero effect. Then I tried telling JNOS "stop smtp" and "stop pop3" and that had zero effect. JNOS's email system uses very old RFC rules, and none of the modern RFC rules, so it's easy for this hacker to login to my JNOS mail server and dump this junk. Luckily most get held, but as stated, a few match forward patterns, so they slip through. Right now I've completely taken my JNOS off-line until a fix can be found. Anyone have some suggestions on blocking smtp and pop3 when my 44.2.14.1 address is live to global net ? Any advise is appreciated in advance. Thanks Bill KG6BAJ