A crazy spam mailserver
sziftgroup at wp.pl
Tue Jun 7 16:17:47 CEST 2005
Today at around 12 AM local (10:00 GMT) I started receiving spam from a
particular host. Nothing strange about it, except the fact
that all of the mail is coming to my home mailserver that I got up just
a few days ago, and just for home usage/testing/learning.
And the bugger doesn't seem to give up, in the last four hours I got
around 50 SPAM messages - all the same.

The sender is NAVER-MAILER at naver.com and so far I just took steps to
block the spam - so the most straightforward thing that came to my mind
was to do a -DROP. The sender used a few different IP addresses, but most
of them I was able to identify in the form of 18.104.22.168/24, so it all got up to
a list of five IPs, and so far I went with a script like this:

BAD_IP_LIST="22.214.171.124/24 126.96.36.199/24 188.8.131.52/24"
for IP in $BAD_IP_LIST
do
    # -j selects the rule target; DROP silently discards matching packets
    iptables -A INPUT -s "$IP" -j DROP
done

My question is: Is there a better way to act upon such a case?
Because I'm not convinced to think that just doing a -DROP like the
above is the best idea.
For instance I may be blocking some other IPs, that could be innocent.
Or, not sure about this one though, is it possible I could be just
blocking some spoofed IPs?

"Greg: It's a little known fact, but e-mail servers were the tenth
plague that God visited upon the Egyptians. All that angel of death and
passover stuff is pure crap."
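
An added example, not part of the original post: one way to check the "innocent IPs" concern before committing to /24 rules is to count how many distinct offending hosts were actually seen in each /24 and to generate per-host rules in a dedicated chain instead. The addresses in OBSERVED are constructed sample data, the chain name SPAMBLOCK is hypothetical, and matching only TCP port 25 is an assumption about where the mail arrives.

```shell
#!/bin/sh
# OBSERVED is constructed sample data (RFC 5737 documentation addresses),
# standing in for the source IPs pulled from the mail server's log.
OBSERVED="192.0.2.10 192.0.2.11 192.0.2.10 198.51.100.7 192.0.2.10"

# Print "count ip" for every distinct source, busiest first.
count_sources() {
    printf '%s\n' $1 | sort | uniq -c | sort -rn | awk '{print $1, $2}'
}

# For each /24 that contains an offender, print:
#   network  distinct-offenders-seen  addresses-blocked-without-evidence
collateral_per_24() {
    printf '%s\n' $1 | sort -u | awk -F. '
        { n[$1 "." $2 "." $3 ".0/24"]++ }
        END { for (net in n) print net, n[net], 256 - n[net] }' | sort
}

# Emit (do not execute) per-host rules in a dedicated chain, so the whole
# block list can later be flushed with "iptables -F SPAMBLOCK" without
# touching the rest of INPUT. SPAMBLOCK is a hypothetical chain name.
emit_rules() {
    echo "iptables -N SPAMBLOCK"
    echo "iptables -I INPUT -p tcp --dport 25 -j SPAMBLOCK"
    printf '%s\n' $1 | sort -u | while read -r ip; do
        echo "iptables -A SPAMBLOCK -s $ip -j DROP"
    done
}

echo "== messages per source ==";         count_sources "$OBSERVED"
echo "== /24 coverage vs. evidence ==";   collateral_per_24 "$OBSERVED"
echo "== rules to review, then apply =="; emit_rules "$OBSERVED"
```

The generated rules are only printed; review them and pipe the output to `sh` as root to apply them.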