Hello everyone,
I’m getting an annoying number of smtp connection attempts from a specific IP
address that has been going on for weeks now (several per minute).
I’m currently dropping these packets using a shorewall rule.
I’m thinking of setting up a tarpit to try to discourage the unwanted smtp
attempts.
Can someone point me to any appropriate documentation to do this?
I have seen the TARPIT sections in:
The man page for rules [1]
Tom’s Network config [2]
I also tried to search the mailing list archives at [3], but get an "Error
523”, Origin is unreachable.
To date, I have added the following line in my rules file:
"TARPIT net:<static IP> dmz:$E_SMTP
tcp smtp"
When I run shorewall check, it gives me the following error:
"ERROR: TARPIT requires TARPIT Target in your kernel and iptables
/etc/shorewall/rules (line 40)”
My Shorewall version is 5.2.3.2
Debian Stable 10.6
Kind regards,
Bruce Bannerman
[1] https://shorewall.org/manpages/shorewall-rules.html
<https://shorewall.org/manpages/shorewall-rules.html>
[2] https://shorewall.org/MyNetwork.html <https://shorewall.org/MyNetwork.html>
[3] http://dir.gmane.org/gmane.comp.security.shorewall
<http://dir.gmane.org/gmane.comp.security.shorewall>
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
