Congrats, you have a spammer. Research the IP he's sourcing as and add it
to your iptables.
On Sun, 2014-02-09 at 11:54 -0800, William Lewis wrote:
> (Please trim inclusions from previous messages)
> _______________________________________________
> Hello group:
>
> Need some collective help here on a mail system hacker issue I've been having.
>
> First, the IP address on my system he's coming in on is 44.2.14.1
>
> This person is dumping thousands of random emails into my system and some
> of them will match BBS AREA patterns and get forwarded out to my forward
> partners.
>
> At first, I set up a log book scan script to look for bad logins, and then
> ban the IP address, but then I found out that since my 44.2.14.1 IP address
> goes "around" my firewall via UCSD, the block rules literally have zero
> effect.
>
> I found a common "from" (online...@....) line in his emails, so in my
> "rewrite" file I used this command "onl*@* | *@* refuse" but that also had
> zero effect.
>
> Then I tried telling JNOS "stop smtp" and "stop pop3" and that had zero
> effect.
>
> JNOS's email system uses very old RFC rules, and none of the modern RFC
> rules, so it's easy for this hacker to login to my JNOS mail server and
> dump this junk. Luckily most get held, but as stated, a few match forward
> patterns, so they slip through.
>
> Right now I've completely taken my JNOS off-line until a fix can be found.
>
> Anyone have some suggestions on blocking smtp and pop3 when my 44.2.14.1
> address is live to global net ?
>
> Any advice is appreciated in advance.
>
> Thanks
>
> Bill
> KG6BAJ
>
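Added example (not code from either poster, nor part of JNOS): the ban-on-bad-logins script and the iptables rules the reply suggests, placed where they can actually match the traffic. It assumes the 44-net packets arrive IPIP-encapsulated from the UCSD gateway and are decapsulated on the JNOS host's tunnel interface (assumed name tunl0), which is why a separate upstream firewall only ever sees protocol-4 packets from the gateway and never a TCP/25 connection from the spammer; the log line format, the peer addresses and the partner address 44.2.14.2 are all constructed for the demonstration, so the awk field numbers need adjusting to the real JNOS log.

```shell
#!/bin/sh
# Added example, not from the thread. Scans a mail-server log for repeated
# failed SMTP/POP3 logins and emits iptables rules on the host that terminates
# the 44-net tunnel. Assumptions: decapsulated AMPRNet packets appear on tunl0;
# the log format below is constructed; IPT defaults to a dry run.

HAM_ADDR="44.2.14.1"            # 44-net address from the post
TUN_IF="${TUN_IF:-tunl0}"       # assumption: IPIP tunnel interface from the UCSD gateway
BAN_THRESHOLD="${BAN_THRESHOLD:-5}"
IPT="${IPT:-echo iptables}"     # dry run prints the rules; set IPT=iptables to apply

# Constructed sample log, "DD Mon YYYY HH:MM:SS service peer-addr event".
# Real JNOS log lines differ; change the $5/$6/$7 field numbers in offenders().
SAMPLE_LOG='09 Feb 2014 11:50:01 pop3 198.51.100.9 login-failed
09 Feb 2014 11:50:02 pop3 198.51.100.9 login-failed
09 Feb 2014 11:50:02 smtp 203.0.113.5 login-failed
09 Feb 2014 11:50:03 pop3 198.51.100.9 login-failed
09 Feb 2014 11:50:04 smtp 198.51.100.9 login-failed
09 Feb 2014 11:50:05 smtp 203.0.113.5 login-ok
09 Feb 2014 11:50:06 pop3 198.51.100.9 login-failed'

# offenders: read log lines on stdin, print each peer address whose failed
# smtp/pop3 logins reach BAN_THRESHOLD, one per line, sorted.
offenders() {
    awk -v thr="$BAN_THRESHOLD" '
        ($5 == "smtp" || $5 == "pop3") && $7 == "login-failed" { fails[$6]++ }
        END { for (ip in fails) if (fails[ip] >= thr + 0) print ip }
    ' | sort
}

# ban_rules IP...: one DROP per address for SMTP and POP3 aimed at the 44-net
# address as it comes off the tunnel. INPUT on this host, not a rule on an
# upstream firewall, because that box only sees the encapsulating packets.
ban_rules() {
    for ip in "$@"; do
        $IPT -I INPUT -i "$TUN_IF" -s "$ip" -d "$HAM_ADDR" \
            -p tcp -m multiport --dports 25,110 -j DROP
    done
}

# allowlist_rules PARTNER...: the stronger answer to a flood of random
# senders: accept SMTP/POP3 on the 44-net address only from known forward
# partners and drop everybody else, so no individual IP has to be chased.
allowlist_rules() {
    for partner in "$@"; do
        $IPT -A INPUT -i "$TUN_IF" -s "$partner" -d "$HAM_ADDR" \
            -p tcp -m multiport --dports 25,110 -j ACCEPT
    done
    $IPT -A INPUT -i "$TUN_IF" -d "$HAM_ADDR" \
        -p tcp -m multiport --dports 25,110 -j DROP
}

# Stand-alone run: scan the constructed log and print the ban rules (dry run).
printf '%s\n' "$SAMPLE_LOG" | offenders | while read -r ip; do
    ban_rules "$ip"
done
```

Run it as-is to see the rules it would add; `IPT=iptables sh script.sh` applies them. The allowlist variant is the one to reach for when the sender addresses keep changing, since a per-IP ban list only grows; in either case the rule has to sit on the machine where the decapsulated 44-net packets traverse the Linux stack, or it will never match.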