From: Orlando Andico (no email)
Date: Sun Feb 01 2004 - 08:51:16 EST
On Sun, 1 Feb 2004, Rene Bartsch wrote:
..
> > moral of the story: they don't even check if the IP is reachable!! they
> > just attempt to connect and connect and connect...
>
> Tar pit - then they'll remove your smtp-server from their lists ...
Tried that. modified "guardian.pl" (logwatch monitor for Snort) to watch
postfix logs and DROP packets from spamhaus-listed IPs. so basically when
they connect to me, their connection hangs for a long time.
still doesn't work! I have to retire the iptables rules eventually
(otherwise the ACL list gets too unwieldy) and guess what.. when I remove
the block, the IP's are back! so I block them again...
that's where my 30,000-entry iptables rules came from. :D
--- Orlando Andico <> Mosaic Communications, Inc.
|
|
|