That's not a bad suggestion. They have only one public server, the SMTP gateway, but they're using a Linksys for VPN. They could just replace the Linksys with a real firewall.
I was initially trying to come up with a 2-hour solution that could also be integrated just as quickly since they are doing ok with their current setup, however they had other IP's and we just simply moved the server. I identified his open relay and gave him instructions on how to close it when they came on board a month and a half ago, but that was left open. I'm sure that I sounded a tad alarmist at the time. From what happened to another customer running a closed 5.5.5 installation, it doesn't seem that this spammer cares if it relays or not.
I'll give him the firewall suggestion since we bought ourselves a bit more time and he's going to be watching the server closely until it gets completely resolved.
Thanks,
Matt
DLAnalyzer Support wrote:
Matt,
I used to put routers in these types of situations, but now I don't. I would suggest you/your customer look at some of the low end Netscreen firewalls like a 5GT. You can get these under $500 and they have way more value than a router..
One of the best things about the netscreen devices is they can be installed in "transparent" mode. Which means no ip configuration required. You just basically put it inline of the server and configure the rules on it.
http://www.netscreen.com/products/at_a_glance/ds_5xt.jsp
Darrell
------------------------------------------------
Check Out DLAnalyzer a comprehensive reporting tool for
Declude Junkmail Logs - http://www.dlanalyzer.com
Matt writes:
I have yet another customer that is running GroupWise 5x that is getting attacked by some asian spammer trying to dictionary attack Yahoo.co.jp and other regional sites. Until they can get onto GroupWise 6 (which will reject at the SMTP envelope), my recommendation was for them to install a new router capable of limiting port 25 to just my server's IP, the only problem is that he needs something fast and cheap.
Does anyone know of any cheap, chain store stocked routers that are capable of limiting a particular port to a particular IP on inbound only (it still has to deliver by SMTP, just only receive from my IP)? I figure that the following are the best candidates based on the fact that they are readily available.
http://www.compusa.com/products/products.asp?N=200158&CusaNe=200139
Note that he only needs to firewall one port.
BTW, if you are running GroupWise 5.x (including 5.5.5), this asian spammer will stick a group of zombies on your machine for weeks on end even if in fact your server is not actually relaying the messages. This is the same spammer that is responsible for the majority of the Job-Jobs that my locally hosted domains see right now.
Thanks,
Matt
--
=====================================================
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=====================================================
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
--- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
-- ===================================================== MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =====================================================
--- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
--- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
