[plug] smtp madness.

Shayne O'Neill shayne at guild.murdoch.edu.au
Tue Jun 22 15:04:30 WST 2004


Yeah. What I'm suspecting is that this might be an ADSL or something (some
bozo trying to have his own home server), and somewhere somehow it's all
going tit-about-ass with some sort of autoreply or something with bad
headers (so it's not recognised by the MTA).

The problem of course is that if this is the case then the IP block won't
work.

tcp        0      1 yourguild.murdoch.:2825 yhaaus.lnk.telstra:auth SYN_SENT
tcp        0      0 yourguild.murdoch.:smtp yhaaus.lnk.telstra:8342 ESTABLISHED
tcp        0      0 yourguild.murdoch.:smtp yhaaus.lnk.telstra:8314 TIME_WAIT
tcp        0      0 yourguild.murdoch.e:ssh guild.murdoch.edu:53038 ESTABLISHED

This has been going on for a week! Little has been showing in the logs
either, or little I can work with.

Will hosts.deny do it?

--
"the vast majority of Iraqis want to live in a peaceful, free world. And
we will find these people and we will bring them to justice."
George W. Bush, Washington, D.C., Oct. 27, 2003

Shayne O'Neill. http://www.perthimc.asn.au

On Tue, 22 Jun 2004, James Devenish wrote:

> In message <Pine.LNX.4.44.0406221423460.1037-100000 at guild.murdoch.edu.au>
> on Tue, Jun 22, 2004 at 02:24:11PM +0800, Shayne O'Neill wrote:
> > One of my servers has been seemingly in constant contact with
> > yhaaus.lnk.telstra
>
> Umm...are you sure that the name is yhaaus.lnk.telstra? Surely that
> won't resolve in DNS. You probably want to block on IP address instead.
>
> > via smtp. Looking at the logs, there's just some mad conversation between
> > the two with that machine trying to deliver crazy things to it, the server
> > responding and it doing it again.
> >
> > Is there a way to just block that domain?
> >
> > debian woody + exim + mailman
>
> Without thinking too deeply about it at the level of the SMTP daemon, I
> suppose there'd be a "one liner" in whatever packet filter you have (I
> forget the Linux ones, but I think it's standard to have...iptables...or
> something)?
>
>
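
Added example (not part of the original post or the quoted reply): one way to get from a netstat view like the one in the message to a numeric address for the packet filter, by counting connections to local port 25 per remote address in `netstat -tn` output and printing an iptables rule for review. The sample lines, addresses, threshold and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: tally SMTP connections per remote address so a block can be
# written against an IP instead of a truncated, unresolvable hostname.

# Constructed sample of `netstat -tn` output (documentation address ranges).
# The first line is an outbound ident lookup (port 113, shown as "auth" in
# the post) and the last is an ssh session; neither is inbound SMTP.
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      1 192.0.2.10:2825         203.0.113.77:113        SYN_SENT
tcp        0      0 192.0.2.10:25           203.0.113.77:8342       ESTABLISHED
tcp        0      0 192.0.2.10:25           203.0.113.77:8314       TIME_WAIT
tcp        0      0 192.0.2.10:25           203.0.113.77:8290       TIME_WAIT
tcp        0      0 192.0.2.10:25           198.51.100.5:40112      ESTABLISHED
tcp        0      0 192.0.2.10:22           192.0.2.50:53038        ESTABLISHED
EOF
}

# smtp_peers THRESHOLD: read `netstat -tn` lines on stdin and print
# "count address" for every remote address with at least THRESHOLD
# connections (in any state) to local port 25, busiest first.
smtp_peers() {
    awk -v min="$1" '
        $1 ~ /^tcp/ && $4 ~ /:25$/ {
            ip = $5
            sub(/:[0-9]+$/, "", ip)   # strip the remote port
            n[ip]++
        }
        END { for (ip in n) if (n[ip] >= min) print n[ip], ip }
    ' | sort -rn
}

# block_rules THRESHOLD: print (do not run) one iptables rule per busy peer,
# dropping only its traffic to port 25 so the rule can be reviewed first.
block_rules() {
    smtp_peers "$1" | while read -r count ip; do
        echo "iptables -I INPUT -s $ip -p tcp --dport 25 -j DROP  # $count conns"
    done
}

sample_netstat | block_rules 3
```

On a live host, replace `sample_netstat` with `netstat -tn`; the threshold of 3 is arbitrary and should sit above what a normal sending peer produces.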