Mailing List SIMS@mail.stalker.com Message #15516
From: Lewis Butler <lbutler@covisp.net>
Subject: Re: dictionary
Date: Mon, 13 Aug 2007 21:17:00 -0500
To: SIMS Discussions <SIMS@mail.stalker.com>
X-Mailer: Apple Mail (2.752.2)
On Aug 13, 2007, at 9:03 AM, Charles Mangin wrote:
since i took over hosting, all of these dictionary-style spams have been going nowhere, being rejected out of hand with "<<< 550 Unrouteable address". i know i can't do anything more than ignore them and hope they will move on to some other target but... sheesh. six months? with nothing to show for it? you'd think there'd be some sort of list purging in all that time.

Well, you can do something about it, you can blacklist IP addresses that send too many bad messages where too many is a number you chose.

Depending on your OS, there are various choices.  I am away from my main computer,  but the one I used is called something like denyrbl and it blacklists server that send more than 100 bad addresses in under 20 minutes for, iirc, 1444 minutes.  The blacklist is at the hosts.deny level, so the machines are prevented from connecting AT ALL (on any port).

It's fairly easy to do, and you can do it yourself by simply parsing the logs for hosts with a high reject count and adding them to hosts.deny.dos and then adding

ALL: /var/tmp/hosts.deny.dos : deny

in /etc/hosts.allow (near the top).

This assumes a UNIX based system like linux, FreeBSD or OS X, naturally.

Just be conscious that you set a fairly high limit, depending on your server's volume, or you might find yourself accidently banning large ISPs.


Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster