On Sun, 26 Sep 1999 [EMAIL PROTECTED] wrote:

> I would not think so.  Filtering is based on a simple premise... do not
> accept packets from a specific IP address or range of IPs.  If you don't
> know what IPs to filter, then you must find a way to get that
> information.  Try netstat -n or grep your mail logs for the IPs in
> question.... sooner or later you will have a bunch of IPs to filter...
> that's a good starting point.
> 

Paul

Thanks for your approach.

Finally I had to filter the spammer with ipfwadm to protect my mail server from
a denial of service.
But ipfwadm is not a qmail topic.

Under qmail, I was able (until yesterday) to filter undesirable spam
mostly with /var/qmail/control/badmailfrom

The question here arises from one spammer (206.221.224.187)
who's spamming aol.com from one ppp session with a bogus domain "ba.net"
that doesn't belong to him.
(from  ba.net (ppp187.champaign.advancenet.net [206.221.224.187])) 

AOL's DNS "resolves" ba.net (badly in my opinion) and AOL's
relays were sending tons of bounce emails to my mailserver (the
real ba.net domain).

I'll try at first with @rly-yc04.mx.aol.com in badmailfrom. 
If this interests you, see one of the bounces below.
AOL's relays rotate, then I tried (one domain per line, obviously)

@[205.188.156.79], [EMAIL PROTECTED], @[205.188.156.78],@rly-bza01.mx.aol.com
@rly-yb05.mx.aol.com,  @rly-yd01.mx.aol.com  ,@rly-yc05.mail.aol.com

I've put the line @aol.com in badmailfrom; I couldn't stop the bombing
with this approach.

Finally I gave up and I use ipfwadm (a UNIX tool, not a QMAIL tool) (as
you and other kind guys advised me on this list);

that's the whole history; I remain filtering aol.com today until the
attack passes. It's not my desire and it's not a 'professional' solution
but..

Excuse me all for this maybe long email

Regards

Abel Lucano
email: [EMAIL PROTECTED]
       [EMAIL PROTECTED]


---------------------------------------------------------------------------
Return-Path: <>
Received: (qmail 19037 invoked from network); 26 Sep 1999 09:50:32 -0000
Received: from aolmbr03.mx.aol.com (198.81.17.131)
  by ferro.ba.net with SMTP; 26 Sep 1999 09:50:32 -0000
Received: from rly-yc04.mx.aol.com (rly-yc04.mail.aol.com [172.18.149.36])
          by aolmbr03.mx.aol.com (8.8.8/8.8.5/AOL-2.0.0)
          with ESMTP id IAA15844 for <[EMAIL PROTECTED]>;
          Sun, 26 Sep 1999 08:31:39 -0400 (EDT)
Received: from localhost (localhost)
          by rly-yc04.mx.aol.com (8.8.8/8.8.5/AOL-4.0.0)
          with internal id IAA16080;
          Sun, 26 Sep 1999 08:40:12 -0400 (EDT)
Date: Sun, 26 Sep 1999 08:40:12 -0400 (EDT)
From: Mail Delivery Subsystem <[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
        boundary="IAA16080.938349612/rly-yc04.mx.aol.com"
Subject: Returned mail: User unknown
Auto-Submitted: auto-generated (failure)

This is a MIME-encapsulated message

--IAA16080.938349612/rly-yc04.mx.aol.com

The original message was received at Sun, 26 Sep 1999 08:40:00 -0400 (EDT)
from ppp187.champaign.advancenet.net [206.221.224.187]

* ATTENTION ***

Your e-mail is being returned to you because there was a problem with its
delivery.  The AOL address which was undeliverable is listed in the section
labeled: "----- The following addresses had permanent fatal errors -----".

The reason your mail is being returned to you is listed in the section
labeled: "----- Transcript of Session Follows -----".

The line beginning with "<<<" describes the specific reason your e-mail could
not be delivered.  The next line contains a second error message which is a
general translation for other e-mail servers.

Please direct further questions regarding this message to your e-mail
administrator.

--AOL Postmaster

  ----- The following addresses had permanent fatal errors -----
<[EMAIL PROTECTED]>

   ----- Transcript of session follows -----
... while talking to air-yc02.mail.aol.com.:
>>> RCPT To:<[EMAIL PROTECTED]>
<<< 550 MAILBOX NOT FOUND
550 <[EMAIL PROTECTED]>... User unknown

--IAA16080.938349612/rly-yc04.mx.aol.com
Content-Type: message/delivery-status

Reporting-MTA: dns; rly-yc04.mx.aol.com
Arrival-Date: Sun, 26 Sep 1999 08:40:00 -0400 (EDT)

Final-Recipient: RFC822; [EMAIL PROTECTED]
Action: failed
Status: 2.0.0
Remote-MTA: DNS; air-yc02.mail.aol.com
Last-Attempt-Date: Sun, 26 Sep 1999 08:40:12 -0400 (EDT)

--IAA16080.938349612/rly-yc04.mx.aol.com
Content-Type: message/rfc822

Received: from  ba.net (ppp187.champaign.advancenet.net [206.221.224.187])
by 
rly-yc04.mx.aol.com (v61.9) with ESMTP; Sun, 26 Sep 1999 08:39:55 -0400
From: <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re:  Hey man
Date: Sun, 26 Sep 1999 07:40:03
Message-Id: <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Mime-Version: 1.0
Content-Type: text/html; charset="us-ascii"


<HEAD>
<TITLE>(Type a title for your page here)</TITLE>

</HEAD>

<BODY BACKGROUND="" BGCOLOR="#000000" TEXT="white" LINK="red" VLINK=""
ALINK="#ff0000">

<A HREF="http://3470651298/barney/"><FONT SIZE="+2">Click Here</FONT>>
<B><A HREF="http://3470651298/barney/"><FONT SIZE="+1" color="cyan">Hi 
There...My names is Amber.  My girlfriends Elaine and Louise came over
this 
past weekend with their new digital camera, and after a little wine, and a
lot 
of foolin' around, we got a little crazy...Anyways, now that the pictures
are 
taken, we might as well show them to SOMEONE, so how about 
you?</FONT></a></B><BR>
<A HREF="http://3470651298/barney/"><FONT SIZE="+2">Click Here</FONT>

</BODY>
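Added example, not part of the original post: the bounce quoted above arrives with `Return-Path: <>`, and qmail's badmailfrom is compared against the envelope sender, so entries naming AOL's relays have nothing to match. The sketch below models that comparison in simplified form and pulls out of a bounce the two hosts a packet filter rule or an abuse report would need; the sample text is constructed from the headers shown above, and all function names are hypothetical.

```python
import re
from email import message_from_string

# Constructed sample: a trimmed copy of the bounce quoted above.
SAMPLE_BOUNCE = """\
Return-Path: <>
Received: (qmail 19037 invoked from network); 26 Sep 1999 09:50:32 -0000
Received: from aolmbr03.mx.aol.com (198.81.17.131)
  by ferro.ba.net with SMTP; 26 Sep 1999 09:50:32 -0000
Subject: Returned mail: User unknown

The original message was received at Sun, 26 Sep 1999 08:40:00 -0400 (EDT)
from ppp187.champaign.advancenet.net [206.221.224.187]
"""

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"

def envelope_sender(msg):
    """Envelope sender from Return-Path; '' is the null sender of a bounce."""
    return (msg.get("Return-Path") or "").strip().strip("<>")

def badmailfrom_rejects(sender, entries):
    """Simplified model (assumption): an entry matches the whole envelope
    sender, or, when it starts with '@', the sender's domain part."""
    at = sender.rfind("@")
    for entry in (e.strip() for e in entries):
        if not entry:
            continue
        if entry == sender or (at >= 0 and entry == sender[at:]):
            return True
    return False

def delivering_relay(msg):
    """(name, ip) from the topmost 'from host (ip)' Received line, i.e. the
    host that handed the message to the local server."""
    for received in msg.get_all("Received", []):
        m = re.search(r"from (\S+) \((" + IPV4 + r")\)", received)
        if m:
            return m.group(1), m.group(2)
    return None

def original_injector(msg):
    """(name, ip) the bounce text reports as the source of the original mail."""
    m = re.search(r"from (\S+) \[(" + IPV4 + r")\]", msg.get_payload())
    return (m.group(1), m.group(2)) if m else None

def triage(raw, badmailfrom):
    msg = message_from_string(raw)
    sender = envelope_sender(msg)
    return {"sender": sender, "rejected": badmailfrom_rejects(sender, badmailfrom),
            "relay": delivering_relay(msg), "injector": original_injector(msg)}

if __name__ == "__main__":
    print(triage(SAMPLE_BOUNCE, ["@aol.com", "@rly-yc04.mx.aol.com", "@[205.188.156.79]"]))
```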