uOn Sun, 3 Jan 1999, Gordon Soukoreff wrote:
> I have this outfit ( asshole ) relaying off my smtp host running qmail:
>
> Jan 1 01:36:31 blahblah smtpd: 915183391.413662 tcpserver: ok 19689
> blablah.blah.net:211.123.239.112:25
> onlymail2.oneandonly.com:211.123.239.112::1825
> Jan 1 01:36:31 blahblah smtpd: 915183391.421722 tcpcontrol: ok 19689
> blahblah.blah.net:211.123.239.112:25
> onlymail2.oneandonly.com:206.50.219.157::1825
>
>
> This is what I have in the tcp relaycontrol file:
>
> 211.123.239.:allow,RELAYCLIENT=""
> 211.123.240.:allow,RELAYCLIENT=""
> 127.:allow,RELAYCLIENT=""
>
> Is there anything else I could do ? Is he IP spoofing ?
Assuming you do have a rcpthosts file (needed to prevent relaying), you
should have your border router(s) configured to deny incoming traffic from
any of your IPs. If you're using a Cisco:
access-list 102 deny ip my.ip.net.block 0.0.0.255 (assuming you have a
/24)
then on your border interface:
ip access-group 102 in
As a good netizen, you should also filter IPs other than yous from getting
out of your network. This way, nobody on your network can spoof outward.
James Smallacombe Internet Access for The Delaware
[EMAIL PROTECTED] Valley in PA, NJ and DE
PlantageNet Internet Ltd. http://www.pil.net
=====================================================================
ISPF 2.0b, The Forum for ISPs by ISPs. San Diego, CA, March 8-10 '99
Three days of clues, news, and views from the industry's best and
brightest. http://www.ispf.com for information and registration.
=====================================================================
