Many thanks GreyHat,
That is some very useful information! Kind of email 'Honey Pot' for the 'bears'

Peter

----- Original Message -----
From: "GrayHat" <gray...@gmx.net>
To: <assp-test@lists.sourceforge.net>
Sent: Monday, August 22, 2011 10:02 PM
Subject: [Assp-test] Simple yet effective (imHo) idea

> Hello all; I've been running ASSP for quite a while now on a
> number of different systems and with different backend email
> servers and, till now, all I can say is that... it "just works" :-D !!
>
> To get back to the reason for this "spam" <g> sometimes I
> got "helpme" calls from friends and, while ASSP did a good
> work, the amount of junk was so heavy that I had to find a way
> to relieve the mailservers a little bit, so, I decided to use the
> old "MX sandwich" trick
>
> The trick, which is described here
>
> http://nolisting.org/
>
> http://wiki.apache.org/spamassassin/OtherTricks
>
> http://www.mail-archive.com/users@spamassassin.apache.org/msg51583.html
>
> can be basically explained this way; let's say you own a
> domain called example.com and let's also say you "own"
> the 192.0.2.0/24 IP block (again, just an example, but you
> will need at least a couple free IPs, one of them may even
> be the one assigned to your gateway); now, what you'll need
> to set up the sandwich is the following
>
> * Pick two additional IPs other than the one used by your MX
> and not used for SMTP traffic (and ensure they will *never*
> be used for such kind of traffic)
>
> * Configure one of the IPs so that all connection attempts to
> port 25/tcp will result in a timeout (filtered port)
>
> * Configure another IP so that there will be something listening
> on port 25/tcp but answering with a tempfail SMTP error code
> that is "421 4.2.1 Service temporarily unavailable"
>
> now, let's say your REAL SMTP server (ok, ASSP) sits on the
> 192.0.2.101 IP address, and let's also say that the other IPs
> (as above) are 192.0.2.100 and 192.0.2.102; at this point you'll
> need to edit your DNS zone and set your MX records so that
> they'll look more or less as follows
>
>
> mx01 IN A 192.0.2.100
> mx02 IN A 192.0.2.101
> mx03 IN A 192.0.2.102
>
> @ IN MX 10 mx01.example.com.
> @ IN MX 20 mx02.example.com.
> @ IN MX 30 mx03.example.com.
>
> as you probably understood by now, the "mx01" will NEVER
> answer to connection requests coming to 25/tcp, the "mx02"
> will be running ASSP (and be the "real" mailserver) while
> the "mx03" will be the "reject everything with a 421" one :)
>
> Now, I've several boxes running the above (or some types
> of variations, in some cases the "real MX" changes since
> the DNS gets switched around to avoid bots "learning" :D)
> but in general, even with "static" set-ups, the mechanism
> works and works well; the problem is finding something to
> run on the "mx03" that is, something listening on the regular
> SMTP port, acting as a mailserver but, when it comes to
> the "DATA" phase, rejecting (and logging) the message
> with a "tempfail" (421) SMTP code
>
> In my case, I decided to write my own "fake mx" program,
> it's a small "ANSI C" app running as a win32 service and
> doing all the needed stuff, but... I was thinking that, since
> ASSP already implements all the needed code, it would
> be cool to have a "fakeMX" feature directly built inside the
> ASSP code so that you'll be able to use the webgui and
> enter an IP to listen on (port 25 will be the default btw)
> and, at that point, ASSP will just accept connections
> coming to that IP:25 and... drop them with a "421" code
> this won't just allow to setup the "sandwich" but may also
> help the main instance since it may then use the infos
> coming from those "bots" to update the penaltybox and
> improve the filtering
>
>
>
> ------------------------------------------------------------------------------
> uberSVN's rich system and user administration capabilities and model
> configuration take the hassle out of deploying and managing Subversion and
> the tools developers use with it. Learn more about uberSVN and get a free
> download at: http://p.sf.net/sfu/wandisco-dev2dev
> _______________________________________________
> Assp-test mailing list
> Assp-test@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/assp-test
>
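
The "mx03" listener described in the quoted message, sketched as an added example; it is not part of the thread, not GrayHat's C program and not ASSP code. It accepts the SMTP envelope, answers DATA with the 421 reply quoted above, and logs one JSON line per connection that a filter could consume. The class names, the JSON log format and the localhost:2525 test address are assumptions.

```python
import json
import socketserver
TEMPFAIL = "421 4.2.1 Service temporarily unavailable"  # reply quoted in the post
HOSTNAME = "mx03.example.com"                           # the post's third MX name

def _path(arg):
    rest = arg.partition(":")[2].split()  # "FROM:<a@b> SIZE=1" -> ["<a@b>", "SIZE=1"]
    return rest[0] if rest else ""

class FakeMXSession:  # SMTP state for one connection; no message is ever accepted
    def __init__(self, peer):
        self.record = {"peer": peer, "helo": None, "mail_from": None, "rcpt_to": []}

    def handle(self, line):  # returns (reply, close_connection)
        verb, _, arg = line.strip().partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            self.record["helo"] = arg.strip()
            return "250 " + HOSTNAME, False
        if verb == "MAIL":
            self.record["mail_from"] = _path(arg)
            return "250 2.1.0 Ok", False
        if verb == "RCPT":
            self.record["rcpt_to"].append(_path(arg))
            return "250 2.1.5 Ok", False
        if verb == "DATA":  # tempfail before any message body is read
            return TEMPFAIL, True
        if verb == "QUIT":
            return "221 2.0.0 Bye", True
        return "502 5.5.1 Command not implemented", False

class Handler(socketserver.StreamRequestHandler):
    timeout = 30  # seconds; drops idle clients
    def handle(self):
        session = FakeMXSession(self.client_address[0])
        try:
            self.wfile.write(f"220 {HOSTNAME} ESMTP\r\n".encode())
            while (raw := self.rfile.readline(1024)):  # cap command line length
                reply, close = session.handle(raw.decode("latin-1"))
                self.wfile.write(reply.encode() + b"\r\n")
                if close:
                    break
        except OSError:  # timeout or connection reset by the peer
            pass
        print(json.dumps(session.record))  # one log line per connection

if __name__ == "__main__":  # assumption: localhost:2525 for a test run, not 25/tcp
    with socketserver.ThreadingTCPServer(("127.0.0.1", 2525), Handler) as srv:
        srv.serve_forever()
```

Legitimate senders that reach this host retry against another MX after the 421, so the logged peers are mostly clients that tried the lowest-priority MX first or never fell back from the dead one.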