From: "Jack L. Stone"
Date: Sun, 10 Nov 2002 08:17:46 -0600
To: "W. D.", freebsd-questions@FreeBSD.ORG
Subject: Re: How to stop SPAMMER??!
Message-Id: <3.0.5.32.20021110081746.011f73b8@mail.sage-one.net>
In-Reply-To: <5.1.0.14.2.20021109235134.0484d270@us-webmasters.com>

At 12:16 AM 11.10.2002 -0600, W. D. wrote:
>At 21:17 11/9/2002, Jack L. Stone wrote:
>>At 03:04 AM 11.10.2002 +0100, Gustaf Sjoberg wrote:
>>>On Sat, 09 Nov 2002 15:13:09 -0600
>>>"W. D." wrote:
>>>
>>>either block incoming port 25 connections or set the smtp server to
>>>require authentication.
>>>
>>>ipfw entry could look something like:
>>>
>>>add deny log tcp from any to 25 in recv
>
>This would completely block SMTP wouldn't it?  I do have clients
>on this server using email.
>
>>>
>>>>Hi folks,
>>>>
>>>>I've got some bozo from:
>>>>
>>>>  SpaWeb1.spaelegance.com..auth
>>>>
>>>>doing all kinds of SMTP activity on my FreeBSD server.  Does anyone
>>>>know how to stop this?  What kind of entry would I add to ipfw?
>>>>
>>>>Does anyone know what vulnerability this might be?  How to stop
>>>>permanently?
>>>>
>>
>>Get the IP of the spammer if possible. I've had to use a total block like
>>this:
>>##### DENY INTRUDER through external interface
>>   #${fwcmd} add deny all from 66.000.00.000 to any via ${oif}
>
>Where is ${oif} defined?
>
>When I run a command like this it doesn't understand 'fwcmd'.
>
>usw2# {fwcmd} add deny log all from 168.93.100.59/16 to any in via ${oif}
>oif: Undefined variable.
>
>usw2# {fwcmd} add deny log all from 168.93.100.59/16 to any in via lo0
>fwcmd: Command not found.
>
>>

Sorry, that was a defined variable in my script:

# Firewall program
fwcmd="/sbin/ipfw"

Best regards,
Jack L. Stone,
Administrator

SageOne Net
http://www.sage-one.net
jackstone@sage-one.net
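
The ${fwcmd} and ${oif} variables from the exchange above, shown in the /bin/sh script context they need, as an added example that is not part of the original messages. It blocks individual source addresses rather than all of port 25. The interface name fxp0, the function names, the DRY_RUN switch and the sample addresses (documentation ranges) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not code from the thread. ${fwcmd} and ${oif} are ordinary
# sh variables that must be defined in the script before any rule uses them.

fwcmd="/sbin/ipfw"          # Firewall program (value given in the thread)
oif="fxp0"                  # assumption: name of the outside interface
DRY_RUN="${DRY_RUN:-1}"     # 1 = only print the rules, 0 = also run them

# valid_ipv4 ADDR: succeed only for a dotted quad with every octet 0-255.
# Rejecting anything else keeps shell metacharacters out of the rule.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1               # split on dots; safe, only digits and dots remain
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# deny_rule ADDR: print the ipfw command that drops and logs inbound
# traffic from one source address on the outside interface.
deny_rule() {
    valid_ipv4 "$1" || { echo "skipping invalid address: $1" >&2; return 1; }
    echo "${fwcmd} add deny log all from $1 to any in via ${oif}"
}

# block_all ADDR...: print each rule; run it as well when DRY_RUN=0.
block_all() {
    for addr in "$@"; do
        rule=$(deny_rule "$addr") || continue
        echo "$rule"
        [ "$DRY_RUN" = 1 ] || $rule
    done
}

# Constructed sample addresses from the documentation ranges.
block_all 192.0.2.10 203.0.113.7
```

Run it with DRY_RUN=0 as root only after checking the printed rules; mail clients on other addresses are unaffected because only the listed sources are denied.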