Re: How to stop SPAMMER??!
>>> lrwxr-xr-x 1 root wheel 33 Dec 10 2001 sendmail -> /usr/local/psa/qmail/bin/sendmail
>>>
>>> Using qmail. How to configure to avoid spam? What is the name of
>>> configuration file?
>>You did _NOT_ install qmail following the instructions.
> You are right. I didn't install it at all! It was installed as
> per Plesk Server Administrator:
> http://www.Google.com/search?q=qmail+site%3APlesk.com
> I'll check deeper into this.

In the PSA, verify: Server->Mail->Relaying is set to closed. And close
anything else that may be listening to port 25.

Good luck,
Neill
[EMAIL PROTECTED]

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-questions" in the body of the message

Re: How to stop SPAMMER??!
> >1.- close port 25 while reconfiguring qmail
>
> How?

It depends. Find out who is listening in port 25 (lsof). Kill it. Make
sure it doesn't restart.

qvb
--
pica

Re: How to stop SPAMMER??!
At 09:00 11/11/2002, Joan Picanyol i Puig wrote:
>* W. D. <[EMAIL PROTECTED]> [20021110 14:00]:
>> lrwxr-xr-x 1 root wheel 33 Dec 10 2001 sendmail -> /usr/local/psa/qmail/bin/sendmail
>>
>> Using qmail. How to configure to avoid spam? What is the name of
>> configuration file?
>You did _NOT_ install qmail following the instructions.

You are right. I didn't install it at all! It was installed as
per Plesk Server Administrator:
http://www.Google.com/search?q=qmail+site%3APlesk.com
I'll check deeper into this.

>qmail is to be
>installed in /var/qmail. qmail's standard install instructions do not
>configure an open relay, you have done it yourself.
>
>Please:
>
>1.- close port 25 while reconfiguring qmail

How?

>2.- reinstall qmail. The Way To Go instructions are found at
>http://www.lifewithqmail.org. Follow these instructions _to the letter_

Thanks for this link!

>3.- open port 25 for a safe and reliable email server
>
>qvb
>--
>pica

Start Here to Find It Fast!© -> http://www.US-Webmasters.com/best-start-page/

Re: How to stop SPAMMER??!
* W. D. <[EMAIL PROTECTED]> [20021110 14:00]:
> lrwxr-xr-x 1 root wheel 33 Dec 10 2001 sendmail -> /usr/local/psa/qmail/bin/sendmail
>
> Using qmail. How to configure to avoid spam? What is the name of
> configuration file?

You did _NOT_ install qmail following the instructions. qmail is to be
installed in /var/qmail. qmail's standard install instructions do not
configure an open relay, you have done it yourself.

Please:

1.- close port 25 while reconfiguring qmail
2.- reinstall qmail. The Way To Go instructions are found at
http://www.lifewithqmail.org. Follow these instructions _to the letter_
3.- open port 25 for a safe and reliable email server

qvb
--
pica

Re: How to stop SPAMMER??!
From: "Kevin D. Kinsey, DaleCo, S.P." <[EMAIL PROTECTED]>
> From: "W. D." <[EMAIL PROTECTED]>
> Subject: Re: How to stop SPAMMER??!
>
>
> Well, now we see why the file comments suggest that wrapping
> sshd is *not* such a good idea..
>
> Get the IP block of the system(s) from which you are remotely
> adminning the server into hosts.allow with something like this
> at the top:
>
> all: 192.168.0.0/255.255.255.0 : allow
>
> This is a sample netblock that makes sure hosts on my/the*
> LAN have access to the machine -- figure out the netblock
> of your ISP at the home, office, or home office, and try,
> try, again.
>
> HTH,
>
> Kevin Kinsey
> DaleCo, S.P.
>
> *Your LAN may differ, of course.

And, FWIW, hosts.allow is pretty 'ready to go' straight from
'the box.' Lots of examples..

Also, if I remember the O.P., you're running 4.4 or 4.5 -- are
you keeping up with patches? Surely an upgrade would be in order
to address any issues that appeared over the summer...

My $.02

Kevin Kinsey

Re: How to stop SPAMMER??!
From: "W. D." <[EMAIL PROTECTED]>
Subject: Re: How to stop SPAMMER??!

>Hi Stephen,
>I hope you don't mind, I've CC'd the list as well:
>Guys: I locked myself out of my server using the "hosts.allow" script
>below. I couldn't get in with SSH, FTP, and *ALL* email was blocked.
>I changed back to the old "hosts.allow" and I can get back
>in, but so are the slimy spammers.
>It seems that "hosts.allow" is very powerful--perhaps the way to
>go. However, I can't shut off FTP and email for all the other users.
>Does anyone have "ready-to-go" hosts.allow file?
>
>

Well, now we see why the file comments suggest that wrapping
sshd is *not* such a good idea..

Get the IP block of the system(s) from which you are remotely
adminning the server into hosts.allow with something like this
at the top:

all: 192.168.0.0/255.255.255.0 : allow

This is a sample netblock that makes sure hosts on my/the*
LAN have access to the machine -- figure out the netblock
of your ISP at the home, office, or home office, and try,
try, again.

HTH,

Kevin Kinsey
DaleCo, S.P.

*Your LAN may differ, of course.

Re: How to stop SPAMMER??!
Hi Stephen,

I hope you don't mind, I've CC'd the list as well:

Guys: I locked myself out of my server using the "hosts.allow" script
below. I couldn't get in with SSH, FTP, and *ALL* email was blocked.
I changed back to the old "hosts.allow" and I can get back
in, but so are the slimy spammers.

It seems that "hosts.allow" is very powerful--perhaps the way to
go. However, I can't shut off FTP and email for all the other users.
Does anyone have "ready-to-go" hosts.allow file?

At 08:39 11/10/2002, Stephen Hovey, wrote:
>
>It's a tuffy - why do you have both a sendmail and a qmail entry? you run
>both?

Nope. Nor EXIM. I just wanted them there for the time being. I was
going to delete them once I was sure the script worked.

>
>the only thing I can think of is that ALL: paranoid line if you tried to
>connect from an ip with bad in-addr.arpa/ident - and I don't think this is
>correct form:
>
> ALL : 209.152.117.190192.0.2.35 : allow

What would work?

>
>
>
>On Sun, 10 Nov 2002, W. D. wrote:
>
>> At 01:14 11/10/2002, Stephen Hovey, wrote:
>> >
>> >Put an entry in /etc/hosts.allow with that domain and DENY.. it will give
>> >them a 550 denied no matter what they try, and/or an entry in
>> >/etc/mail/access
>>
>>
>> Hi Stephen,
>>
>> Well, I tried the 'hosts.allow' route. It seems I've disallowed SSH
>> & FTP for myself now! Assuming I can get into the ISP tomorrow, which are
>> the offending lines below? How can I get back into my own server

I had to go to the colo and switch back to the old "hosts.allow"

>>
>>
>> #
>> # hosts.allow access control file for "tcp wrapped" applications.
>> # $FreeBSD: src/etc/hosts.allow,v 1.8.2.5 2001/08/30 16:02:37 dwmalone Exp $
>> #
>> # NOTE: The hosts.deny file is deprecated.
>> # Place both 'allow' and 'deny' rules in the hosts.allow file.
>> #See hosts_options(5) for the format of this file.
>> #hosts_access(5) no longer fully applies.
>>
>> #_ _ _
>> #| | __ __ __ _ _ __ ____ __ | | ___ | |
>> #| _| \ \/ / / _` | | '_ ` _ \ | '_ \ | | / _ \ | |
>> #| |___ > < | (_| | | | | | | | | |_) | | | | __/ |_|
>> #|_| /_/\_\ \__,_| |_| |_| |_| | .__/ |_| \___| (_)
>> # |_|
>> # !!! This is an example! You will need to modify it for your specific
>> # !!! requirements!
>>
>>
>> # Start by allowing everything (this prevents the rest of the file
>> # from working, so remove it when you need protection).
>> # The rules here work on a "First match wins" basis.
>> # Commented out 2002 Nov 10 - WD:
>> # ALL : ALL : allow
>>
>> # Wrapping sshd(8) is not normally a good idea, but if you
>> # need to do it, here's how
>> #sshd : .evil.cracker.example.com : deny
>>
>> # Protect against simple DNS spoofing attacks by checking that the
>> # forward and reverse records for the remote host match. If a mismatch
>> # occurs, access is denied, and any positive ident response within
>> # 20 seconds is logged. No protection is afforded against DNS poisoning,
>> # IP spoofing or more complicated attacks. Hosts with no reverse DNS
>> # pass this rule.
>> ALL : PARANOID : RFC931 20 : deny
>>
>> # Allow anything from localhost. Note that an IP address (not a host
>> # name) *MUST* be specified for portmap(8).
>> ALL : localhost 127.0.0.1 : allow
>> #ALL : my.machine.example.com 192.0.2.35 : allow
>> # Added 2002 Nov. 10 - WD:
>> ALL : 209.152.117.190192.0.2.35 : allow
>>
>>
>> # To use IPv6 addresses you must enclose them in []'s
>> ALL : [fe80::%fxp0]/10 : allow
>> ALL : [fe80::]/10 : deny
>> ALL : [3ffe:fffe:2:1:2:3:4:3fe1] : deny
>> ALL : [3ffe:fffe:2:1::]/64 : allow
>>
>>
>> # Added 2002 Nov. 10 - WD:
>> # Qmail
>> qmail : localhost : allow
>> #qmail : .nice.guy.example.com : allow
>> #qmail : .evil.cracker.example.com : deny
>> # Added 2002 Nov. 10 - WD
>> qmail : .spaelegance.com : deny
>> qmail : .SpaWeb1.spaelegance.com : deny
>> qmail : .testargeted.com : deny
>> qmail : .tesdaily.com : deny
>> qmail : ALL : allow
>>
>>
>> # Sendmail can help protect you against spammers and relay-rapers
>> sendmail : localhost : allow
>> sendmail : .nice.guy.example.com : allow
>> sendmail : .evil.cracker.example.com : deny
>> # Added 2002 Nov. 10 - WD
>> sendmail : .spaelegance.com : deny
>> sendmail : .SpaWeb1.spaelegance.com : deny
>> sendmail : .testargeted.com : deny
>> sendmail : .tesdaily.com : deny
>> sendmail : ALL : allow
>>
>>
>> # Exim is an alternative to sendmail, available in the ports tree
>> exim : localhost : allow
>> # exim : .nice.guy.example.com : allow
>> # exim : .evil.cracker.example.com : deny
>> # Added 2002 Nov. 10 - WD
>> exim : .spaelegance.com : deny
>> exim : .SpaWeb1.spaelegance.com : deny
>> exim : .testargeted.com : deny
>> exim : .tesdaily.com :

RE: How to stop SPAMMER??!
On Sun, 2002-11-10 at 11:18, Derrick Ryalls wrote:
>
>
> > -Original Message-
> > From: [EMAIL PROTECTED]
> > [mailto:owner-freebsd-questions@;FreeBSD.ORG] On Behalf Of Warren Block
> > Sent: Sunday, November 10, 2002 10:50 AM
> > To: W. D.
> > Cc: [EMAIL PROTECTED]
> > Subject: Re: How to stop SPAMMER??!
> >
> >
> > On Sat, 9 Nov 2002, W. D. wrote:
> >
> > > At 19:49 11/9/2002, Steve Wingate wrote:
> >
> > > > 2. Are you the recipient of spam or is your box being used as a
> > > >relay?
> > >
> > > Relay.
>
> http://logicsquad.net/freebsd/qmail-how-to.html
>
> That is the site I used to get a basic qmail system up and running. The
> file which determines who can use qmail to relay is /etc/tcp.smtp
>
> 127.0.0.1:allow,RELAYCLIENT=""
> 192.168.1.:allow,RELAYCLIENT=""
> :allow
>
> The first two lines allow localhost and local network to relay using the
> box, the third line I believe allows anyone to send mail to the box. If
> the people using your qmail have fairly static ip addys, then just add
> them to this file with the relayclient option. Ranges of ips are
> enabled via dropping the last octet as shown in line two above. After
> modifying tcp.smtp, you need to run this line for tcpserver
>
> /usr/local/bin/tcprules /etc/tcp.smtp.cdb /etc/tcp.smtp.tmp < /etc/tcp.smtp
>
>
> Hope this helps.
>
> >
> > In fact, if your system is an open relay, you should
> > disconnect it from the net until you have it closed. There
> > are two reasons for that. The first is to stop the abuse of
> > your system. The second is to keep your system from being
> > added to lists of open relays or spam sources.
> >
> > -Warren Block * Rapid City, South Dakota USA
> >
> >

Also make sure in your /var/qmail/control directory that you have an
'rcpthosts' file with only your domain in it eg 'echo your.domain >>
rcpthosts' if this is not so then you are an open relay.

Jon

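
Added example, not part of any poster's message: a simplified Python model of how the /etc/tcp.smtp rules and the control/rcpthosts file quoted above combine into qmail-smtpd's accept-or-relay decision, usable to audit a configuration for open relaying. It handles only IP-address selectors in tcp.smtp; the probe address 203.0.113.7, the domain elsewhere.example, the constructed open rule set and all function names are assumptions made for the illustration.

```python
# Added illustration (not from the thread): simplified model of how tcpserver's
# tcp.smtp rules and qmail's control/rcpthosts decide whether mail is relayed.
# Only IP-address selectors are modelled; hostname and ident selectors are not.

# Rules exactly as quoted in the thread.
THREAD_TCP_SMTP = '''
127.0.0.1:allow,RELAYCLIENT=""
192.168.1.:allow,RELAYCLIENT=""
:allow
'''
THREAD_RCPTHOSTS = ["your.domain"]   # placeholder domain used in the thread

# Constructed misconfiguration: the catch-all rule hands RELAYCLIENT to everyone.
OPEN_TCP_SMTP = ':allow,RELAYCLIENT=""\n'


def parse_tcp_rules(text):
    """Parse tcprules source lines into {selector: (action, env)}."""
    rules = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        selector, _, rest = line.partition(":")
        action, *assignments = rest.split(",")
        env = {}
        for item in assignments:
            name, _, value = item.partition("=")
            env[name] = value.strip('"')   # simplification: value delimited by "
        rules[selector] = (action, env)
    return rules


def lookup(rules, ip):
    """Pick the rule for a client: full IP, then shorter dotted prefixes, then ''."""
    octets = ip.split(".")
    candidates = [ip] + [".".join(octets[:n]) + "." for n in (3, 2, 1)] + [""]
    for selector in candidates:
        if selector in rules:
            return selector, rules[selector]
    return None, ("allow", {})   # no matching rule: connection is allowed as-is


def smtp_decision(rules, rcpthosts, client_ip, rcpt_domain):
    """Outcome for one RCPT TO; rcpthosts=None models a missing rcpthosts file."""
    _, (action, env) = lookup(rules, client_ip)
    if action != "allow":
        return "refused"
    if "RELAYCLIENT" in env:
        return "accept-relayclient"        # rcpthosts is ignored for this client
    if rcpthosts is None:
        return "accept-no-rcpthosts"       # missing file: any domain is accepted
    domain = rcpt_domain.lower()
    for entry in (e.lower() for e in rcpthosts):
        # An entry starting with a dot is a wildcard for everything under it.
        if domain == entry or (entry.startswith(".") and domain.endswith(entry)):
            return "accept-rcpthosts"
    return "reject-rcpt"


def is_open_relay(rules, rcpthosts,
                  outside_ip="203.0.113.7", foreign_domain="elsewhere.example"):
    """True if an outside client can send to a domain the server does not host."""
    return smtp_decision(rules, rcpthosts, outside_ip, foreign_domain).startswith("accept")


if __name__ == "__main__":
    rules = parse_tcp_rules(THREAD_TCP_SMTP)
    for ip, dom in [("127.0.0.1", "elsewhere.example"),
                    ("192.168.1.50", "elsewhere.example"),
                    ("192.168.10.5", "elsewhere.example"),
                    ("203.0.113.7", "your.domain"),
                    ("203.0.113.7", "elsewhere.example")]:
        print(ip, dom, smtp_decision(rules, THREAD_RCPTHOSTS, ip, dom))
    print("thread config open relay:", is_open_relay(rules, THREAD_RCPTHOSTS))
    print("rcpthosts missing:", is_open_relay(rules, None))
    print("catch-all RELAYCLIENT:",
          is_open_relay(parse_tcp_rules(OPEN_TCP_SMTP), THREAD_RCPTHOSTS))
```

Note that 192.168.10.5 does not inherit the 192.168.1. rule: prefixes are compared on whole octets, so it falls through to the bare :allow line and is held to rcpthosts.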
RE: How to stop SPAMMER??!
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:owner-freebsd-questions@;FreeBSD.ORG] On Behalf Of Warren Block
> Sent: Sunday, November 10, 2002 10:50 AM
> To: W. D.
> Cc: [EMAIL PROTECTED]
> Subject: Re: How to stop SPAMMER??!
>
>
> On Sat, 9 Nov 2002, W. D. wrote:
>
> > At 19:49 11/9/2002, Steve Wingate wrote:
>
> > > 2. Are you the recipient of spam or is your box being used as a
> > >relay?
> >
> > Relay.

http://logicsquad.net/freebsd/qmail-how-to.html

That is the site I used to get a basic qmail system up and running. The
file which determines who can use qmail to relay is /etc/tcp.smtp

127.0.0.1:allow,RELAYCLIENT=""
192.168.1.:allow,RELAYCLIENT=""
:allow

The first two lines allow localhost and local network to relay using the
box, the third line I believe allows anyone to send mail to the box. If
the people using your qmail have fairly static ip addys, then just add
them to this file with the relayclient option. Ranges of ips are
enabled via dropping the last octet as shown in line two above. After
modifying tcp.smtp, you need to run this line for tcpserver

/usr/local/bin/tcprules /etc/tcp.smtp.cdb /etc/tcp.smtp.tmp < /etc/tcp.smtp

Hope this helps.

>
> In fact, if your system is an open relay, you should
> disconnect it from the net until you have it closed. There
> are two reasons for that. The first is to stop the abuse of
> your system. The second is to keep your system from being
> added to lists of open relays or spam sources.
>
> -Warren Block * Rapid City, South Dakota USA

Re: How to stop SPAMMER??!
On Sat, 9 Nov 2002, W. D. wrote:

> At 19:49 11/9/2002, Steve Wingate wrote:

> > 2. Are you the recipient of spam or is your box being used as a
> >relay?
>
> Relay.

If your system is an open relay, close it. I have no idea how to do that
with qmail--a web search will help.

In fact, if your system is an open relay, you should disconnect it from
the net until you have it closed. There are two reasons for that. The
first is to stop the abuse of your system. The second is to keep your
system from being added to lists of open relays or spam sources.

-Warren Block * Rapid City, South Dakota USA

Re: How to stop SPAMMER??!
At 10:47 PM 11.10.2002 +0700, budsz wrote:
>On Sun, Nov 10, 2002 at 08:32:35AM -0600, Jack L. Stone wrote:
>>Sorry again only one sip of coffee yet. The ${oif} and ${fwcmd} are
>>both my own defined variables at the beginning of my FW script. Just
>>replace these variable commands with your own script setup cmds. I thought
>>you were already running a script.
>
>How about if we use like spamassassin program it's will terminate this problem?
>
>--
>budsz
>

You are only referring to a fix for emails. My FW rule stops the intruder
from using any other services as well... like using up bandwidth through the
web server, etc... DoS

Of course, if the intruder is persistent enough, he(she) may switch IPs, even
entire IP network to get around the block. But, you just need to keep some
monitors going on all of the key logs to watch for this intrusion and
modify the block to include more IPs the block can be modified more times
than he(she) can change IPs eventually.

Best regards,
Jack L. Stone,
Administrator

SageOne Net
http://www.sage-one.net
[EMAIL PROTECTED]

Re: How to stop SPAMMER??!
On Sun, Nov 10, 2002 at 08:32:35AM -0600, Jack L. Stone wrote:
>Sorry again only one sip of coffee yet. The ${oif} and ${fwcmd} are
>both my own defined variables at the beginning of my FW script. Just
>replace these variable commands with your own script setup cmds. I thought
>you were already running a script.

How about if we use like spamassassin program it's will terminate this problem?

--
budsz

Re: How to stop SPAMMER??!
At 12:16 AM 11.10.2002 -0600, W. D. wrote:
>At 21:17 11/9/2002, Jack L. Stone wrote:
>>At 03:04 AM 11.10.2002 +0100, Gustaf Sjoberg wrote:
>>>On Sat, 09 Nov 2002 15:13:09 -0600
>>>"W. D." <[EMAIL PROTECTED]> wrote:
>>>
>>>either block incoming port 25 connections or set the smtp server to require authentication.
>>>
>>>ipfw entry could look something like:
>>>
>>>add deny log tcp from any to 25 in recv
>
>This would completely block SMTP wouldn't it? I do have clients
>on this server using email.
>
>>>>Hi folks,
>>>>
>>>>I've got some bozo from:
>>>>
>>>>SpaWeb1.spaelegance.com..auth
>>>>
>>>>doing all kinds of SMTP activity on my FreeBSD server. Does anyone
>>>>know how to stop this? What kind of entry would I add to ipfw?
>>>>
>>>>Does anyone know what vulnerability this might be? How to stop
>>>>permanently?
>>
>>Get the IP of the spammer if possible. I've had to use a total block like
>>this:
>># DENY INTRUDER through external interface
>>#${fwcmd} add deny all from 66.000.00.000 to any via ${oif}
>
>Where is ${oif} defined?
>
>When I run a command like this it doesn't understand 'fwcmd'.
>

Sorry again only one sip of coffee yet. The ${oif} and ${fwcmd} are
both my own defined variables at the beginning of my FW script. Just
replace these variable commands with your own script setup cmds. I thought
you were already running a script.

Best regards,
Jack L. Stone,
Administrator

SageOne Net
http://www.sage-one.net
[EMAIL PROTECTED]

Re: How to stop SPAMMER??!
- Original Message -
From: "Jack L. Stone" <[EMAIL PROTECTED]>
To: "W. D." <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Sunday, November 10, 2002 3:17 PM
Subject: Re: How to stop SPAMMER??!

> >usw2# {fwcmd} add deny log all from 168.93.100.59/16 to any in via lo0

I do not think you want your internal loopback blocked. Look for the
interface to the internet (like lnc0). Then do this:

/sbin/ipfw add deny log all from 222.222.222.222 to any via lnc0

Substitute the address of the spammer for "222.222.222.222", of course. :)
Point is, block via the outside interface, not the internal loopback!

- Mark

System Administrator Asarian-host.org

---
"If you were supposed to understand it,
we wouldn't call it code." - FedEx

Re: How to stop SPAMMER??!
At 12:16 AM 11.10.2002 -0600, W. D. wrote:
>At 21:17 11/9/2002, Jack L. Stone wrote:
>>At 03:04 AM 11.10.2002 +0100, Gustaf Sjoberg wrote:
>>>On Sat, 09 Nov 2002 15:13:09 -0600
>>>"W. D." <[EMAIL PROTECTED]> wrote:
>>>
>>>either block incoming port 25 connections or set the smtp server to require authentication.
>>>
>>>ipfw entry could look something like:
>>>
>>>add deny log tcp from any to 25 in recv
>
>This would completely block SMTP wouldn't it? I do have clients
>on this server using email.
>
>>>>Hi folks,
>>>>
>>>>I've got some bozo from:
>>>>
>>>>SpaWeb1.spaelegance.com..auth
>>>>
>>>>doing all kinds of SMTP activity on my FreeBSD server. Does anyone
>>>>know how to stop this? What kind of entry would I add to ipfw?
>>>>
>>>>Does anyone know what vulnerability this might be? How to stop
>>>>permanently?
>>
>>Get the IP of the spammer if possible. I've had to use a total block like
>>this:
>># DENY INTRUDER through external interface
>>#${fwcmd} add deny all from 66.000.00.000 to any via ${oif}
>
>Where is ${oif} defined?
>
>When I run a command like this it doesn't understand 'fwcmd'.
>
>usw2# {fwcmd} add deny log all from 168.93.100.59/16 to any in via ${oif}
>oif: Undefined variable.
>
>usw2# {fwcmd} add deny log all from 168.93.100.59/16 to any in via lo0
>fwcmd: Command not found.
>
>>

Sorry, that was a defined variable in my script:

# Firewall program
fwcmd="/sbin/ipfw"

Best regards,
Jack L. Stone,
Administrator

SageOne Net
http://www.sage-one.net
[EMAIL PROTECTED]

Re: How to stop SPAMMER??!
On Sun, 10 Nov 2002 00:16:30 -0600
"W. D." <[EMAIL PROTECTED]> wrote:

>At 21:17 11/9/2002, Jack L. Stone wrote:
>>At 03:04 AM 11.10.2002 +0100, Gustaf Sjoberg wrote:
>>>On Sat, 09 Nov 2002 15:13:09 -0600
>>>"W. D." <[EMAIL PROTECTED]> wrote:
>>>
>>>either block incoming port 25 connections or set the smtp server to require authentication.
>>>
>>>ipfw entry could look something like:
>>>
>>>add deny log tcp from any to 25 in recv
>
>This would completely block SMTP wouldn't it? I do have clients
>on this server using email.

yes it would, change it to:

add deny log tcp from to 25 in recv

>
>>>>Hi folks,
>>>>
>>>>I've got some bozo from:
>>>>
>>>>SpaWeb1.spaelegance.com..auth
>>>>
>>>>doing all kinds of SMTP activity on my FreeBSD server. Does anyone
>>>>know how to stop this? What kind of entry would I add to ipfw?
>>>>
>>>>Does anyone know what vulnerability this might be? How to stop
>>>>permanently?
>>
>>Get the IP of the spammer if possible. I've had to use a total block like
>>this:
>># DENY INTRUDER through external interface
>>#${fwcmd} add deny all from 66.000.00.000 to any via ${oif}
>
>Where is ${oif} defined?
>
>When I run a command like this it doesn't understand 'fwcmd'.
>
>usw2# {fwcmd} add deny log all from 168.93.100.59/16 to any in via ${oif}
>oif: Undefined variable.
>
>usw2# {fwcmd} add deny log all from 168.93.100.59/16 to any in via lo0
>fwcmd: Command not found.
>
>>
>>Reload the firewall rules
>>
>>Best regards,
>>Jack L. Stone,
>>Administrator
>>
>>SageOne Net
>>http://www.sage-one.net
>>[EMAIL PROTECTED]

Re: How to stop SPAMMER??!
At 21:17 11/9/2002, Jack L. Stone wrote:
>At 03:04 AM 11.10.2002 +0100, Gustaf Sjoberg wrote:
>>On Sat, 09 Nov 2002 15:13:09 -0600
>>"W. D." <[EMAIL PROTECTED]> wrote:
>>
>>either block incoming port 25 connections or set the smtp server to require authentication.
>>
>>ipfw entry could look something like:
>>
>>add deny log tcp from any to 25 in recv

This would completely block SMTP wouldn't it? I do have clients
on this server using email.

>>
>>>Hi folks,
>>>
>>>I've got some bozo from:
>>>
>>>SpaWeb1.spaelegance.com..auth
>>>
>>>doing all kinds of SMTP activity on my FreeBSD server. Does anyone
>>>know how to stop this? What kind of entry would I add to ipfw?
>>>
>>>Does anyone know what vulnerability this might be? How to stop
>>>permanently?
>>>
>
>Get the IP of the spammer if possible. I've had to use a total block like
>this:
># DENY INTRUDER through external interface
>#${fwcmd} add deny all from 66.000.00.000 to any via ${oif}

Where is ${oif} defined?

When I run a command like this it doesn't understand 'fwcmd'.

usw2# {fwcmd} add deny log all from 168.93.100.59/16 to any in via ${oif}
oif: Undefined variable.

usw2# {fwcmd} add deny log all from 168.93.100.59/16 to any in via lo0
fwcmd: Command not found.

>
>Reload the firewall rules
>
>Best regards,
>Jack L. Stone,
>Administrator
>
>SageOne Net
>http://www.sage-one.net
>[EMAIL PROTECTED]

Re: How to stop SPAMMER??!
At 20:04 11/9/2002, Gustaf Sjoberg, wrote:
>On Sat, 09 Nov 2002 15:13:09 -0600
>"W. D." <[EMAIL PROTECTED]> wrote:
>
>either block incoming port 25 connections or set the smtp server to require
>authentication.

How to do this?

>
>ipfw entry could look something like:
>
>add deny log tcp from any to 25 in recv
>
>>Hi folks,
>>
>>I've got some bozo from:
>>
>>SpaWeb1.spaelegance.com..auth
>>
>>doing all kinds of SMTP activity on my FreeBSD server. Does anyone
>>know how to stop this? What kind of entry would I add to ipfw?
>>
>>Does anyone know what vulnerability this might be? How to stop
>>permanently?
>>
>>Here's what I am running:
>>FreeBSD 4.4-RELEASE
>>Apache/1.3.27 (Unix)
>>mod_perl/1.26
>>mod_throttle/3.1.2
>>PHP/4.2.2
>>FrontPage/4.0.4.3
>>mod_ssl/2.8.11
>>OpenSSL/0.9.6f

Re: How to stop SPAMMER??!
Hey Steve,

Thanks for the reply.

At 19:49 11/9/2002, Steve Wingate wrote:
>
>You don't mention several important things someone would need to answer
>this question fully.
>
>1. Are you running a real mailserver that needs to send/receive mail to
>the outside world?

Yep.

>If not then just block port 25 incoming.
>If yes, then configure some UCE (unsolicited commercial email) rules on
>sendmail (assuming this what you have since you didn't say) and/or
>consider using another mailserver with easier configured security (since
>you're probably not a sendmail wizard). I suggest qmail

lrwxr-xr-x 1 root wheel 33 Dec 10 2001 sendmail -> /usr/local/psa/qmail/bin/sendmail

Using qmail. How to configure to avoid spam? What is the name of
configuration file?

>or Postfix, which
>I use.
> 2. Are you the recipient of spam or is your box being used as a
>relay?

Relay.

>This shouldn't happen in the default configuration any longer I believe.
>Either check the Handbook online for sendmail configuration.
>3. Dunno

I tried to block using IPFW but no luck using this line:

add deny log all from 168.93.100.0/24 to any in via fxp0

(http://www.SamSpade.org/t/lookat?a=SpaWeb1.spaelegance.com ->
SpaWeb1.spaelegance.com resolves to 168.93.100.59)

>
>
>+-+
>|Steve Wingate <[EMAIL PROTECTED]>
>|MCSE, CCNA Sat Nov 9 16:59:00 PST 2002
>+-+
>|FreeBSD 4.7-RC
>| 4:59PM up 21 days, 17:31, 2 users, load averages: 0.00, 0.00, 0.00
>+-+
>
>On Sat, 9 Nov 2002, W. D. wrote:
>
>> Hi folks,
>>
>> I've got some bozo from:
>>
>> SpaWeb1.spaelegance.com..auth
>>
>> doing all kinds of SMTP activity on my FreeBSD server. Does anyone
>> know how to stop this? What kind of entry would I add to ipfw?
>>
>> Does anyone know what vulnerability this might be? How to stop
>> permanently?
>>
>> Here's what I am running:
>> FreeBSD 4.4-RELEASE
>> Apache/1.3.27 (Unix)
>> mod_perl/1.26
>> mod_throttle/3.1.2
>> PHP/4.2.2
>> FrontPage/4.0.4.3
>> mod_ssl/2.8.11
>> OpenSSL/0.9.6f

Re: How to stop SPAMMER??!
At 03:04 AM 11.10.2002 +0100, Gustaf Sjoberg wrote:
>On Sat, 09 Nov 2002 15:13:09 -0600
>"W. D." <[EMAIL PROTECTED]> wrote:
>
>either block incoming port 25 connections or set the smtp server to require authentication.
>
>ipfw entry could look something like:
>
>add deny log tcp from any to 25 in recv
>
>>Hi folks,
>>
>>I've got some bozo from:
>>
>>SpaWeb1.spaelegance.com..auth
>>
>>doing all kinds of SMTP activity on my FreeBSD server. Does anyone
>>know how to stop this? What kind of entry would I add to ipfw?
>>
>>Does anyone know what vulnerability this might be? How to stop
>>permanently?
>>

Get the IP of the spammer if possible. I've had to use a total block like
this:
# DENY INTRUDER through external interface
#${fwcmd} add deny all from 66.000.00.000 to any via ${oif}

Reload the firewall rules

Best regards,
Jack L. Stone,
Administrator

SageOne Net
http://www.sage-one.net
[EMAIL PROTECTED]

Re: How to stop SPAMMER??!
On Sat, 09 Nov 2002 15:13:09 -0600
"W. D." <[EMAIL PROTECTED]> wrote:

either block incoming port 25 connections or set the smtp server to require authentication.

ipfw entry could look something like:

add deny log tcp from any to 25 in recv

>Hi folks,
>
>I've got some bozo from:
>
>SpaWeb1.spaelegance.com..auth
>
>doing all kinds of SMTP activity on my FreeBSD server. Does anyone
>know how to stop this? What kind of entry would I add to ipfw?
>
>Does anyone know what vulnerability this might be? How to stop
>permanently?
>
>Here's what I am running:
>FreeBSD 4.4-RELEASE
>Apache/1.3.27 (Unix)
>mod_perl/1.26
>mod_throttle/3.1.2
>PHP/4.2.2
>FrontPage/4.0.4.3
>mod_ssl/2.8.11
>OpenSSL/0.9.6f

Re: How to stop SPAMMER??!
You don't mention several important things someone would need to answer
this question fully.

1. Are you running a real mailserver that needs to send/receive mail to
the outside world?
If not then just block port 25 incoming.
If yes, then configure some UCE (unsolicited commercial email) rules on
sendmail (assuming this what you have since you didn't say) and/or
consider using another mailserver with easier configured security (since
you're probably not a sendmail wizard). I suggest qmail or Postfix, which
I use.
2. Are you the recipient of spam or is your box being used as a
relay?
This shouldn't happen in the default configuration any longer I believe.
Either check the Handbook online for sendmail configuration.
3. Dunno

+-+
|Steve Wingate <[EMAIL PROTECTED]>
|MCSE, CCNA Sat Nov 9 16:59:00 PST 2002
+-+
|FreeBSD 4.7-RC
| 4:59PM up 21 days, 17:31, 2 users, load averages: 0.00, 0.00, 0.00
+-+

On Sat, 9 Nov 2002, W. D. wrote:

> Hi folks,
>
> I've got some bozo from:
>
> SpaWeb1.spaelegance.com..auth
>
> doing all kinds of SMTP activity on my FreeBSD server. Does anyone
> know how to stop this? What kind of entry would I add to ipfw?
>
> Does anyone know what vulnerability this might be? How to stop
> permanently?
>
> Here's what I am running:
> FreeBSD 4.4-RELEASE
> Apache/1.3.27 (Unix)
> mod_perl/1.26
> mod_throttle/3.1.2
> PHP/4.2.2
> FrontPage/4.0.4.3
> mod_ssl/2.8.11
> OpenSSL/0.9.6f

How to stop SPAMMER??!
Hi folks,

I've got some bozo from:

SpaWeb1.spaelegance.com..auth

doing all kinds of SMTP activity on my FreeBSD server. Does anyone
know how to stop this? What kind of entry would I add to ipfw?

Does anyone know what vulnerability this might be? How to stop
permanently?

Here's what I am running:
FreeBSD 4.4-RELEASE
Apache/1.3.27 (Unix)
mod_perl/1.26
mod_throttle/3.1.2
PHP/4.2.2
FrontPage/4.0.4.3
mod_ssl/2.8.11
OpenSSL/0.9.6f