From: Rene Bartsch (no email)
Date: Sun Feb 01 2004 - 10:51:13 EST
Am Sonntag, 1. Februar 2004 14:51 schrieb Orlando Andico:
> On Sun, 1 Feb 2004, Rene Bartsch wrote:
> ..
>
> > > moral of the story: they don't even check if the IP is reachable!! they
> > > just attempt to connect and connect and connect...
> >
> > Tar pit - then they'll remove your smtp-server from their lists ...
>
> Tried that. modified "guardian.pl" (logwatch monitor for Snort) to watch
> postfix logs and DROP packets from spamhaus-listed IPs. so basically when
> they connect to me, their connection hangs for a long time.
>
> still doesn't work! I have to retire the iptables rules eventually
> (otherwise the ACL list gets too unwieldy) and guess what.. when I remove
> the block, the IP's are back! so I block them again...
>
> that's where my 30,000-entry iptables rules came from. :D
>
Me goodness! How long does it last to load them in a editor? ;-)
Single tar pits don't harm the spammers, but when we all use tar pits when
having the proxy-function in Postfix-2.1, we'll provide a great DoS-attack to
our spam-friends. Think about a spam-server blocked completely for 24 hours!
:-) :-) :-) :-)
Rene
|
|
|