[plug] smtp madness.

Craig Ringer craig at postnewspapers.com.au
Tue Jun 22 14:51:48 WST 2004


On Tue, 2004-06-22 at 14:29, James Devenish wrote:
> In message <Pine.LNX.4.44.0406221423460.1037-100000 at guild.murdoch.edu.au>
> on Tue, Jun 22, 2004 at 02:24:11PM +0800, Shayne O'Neill wrote:
> > One of my servers has been seemingly in constant contact with
> > yhaaus.lnk.telstra
> 
> Umm...are you sure that the name is yhaaus.lnk.telstra? Surely that
> won't resolve in DNS. You probably want to block on IP address instead.

It could be a funky reverse DNS entry from somewhere. I've seen fake
domains in Telstra's reverse DNS before, so I wouldn't be surprised.

> Without thinking too deeply about it at the level of the SMTP daemon, I
> suppose there'd be a "one liner" in whatever packet filter you have (I
> forget the Linux ones, but I think it's standard to have...iptables...or
> something)?

iptables -I INPUT 1 -p tcp -d $DESTINATION_HOST_IP --dport 25 \
	 -j LOG --log-prefix '[TMAILBLOCK]'
iptables -I INPUT 2 -p tcp -d $DESTINATION_HOST_IP --dport 25 \
	 -j REJECT

should do the trick. I'd recommend replacing the '-I INPUT n' with '-A
INPUT' and putting it in the appropriate place in your iptables script
instead, though.

I would recommend looking at why your system is trying to communicate
with this host first, though.

--
Craig Ringer



