Sorry. I forget everyone doesn't have ESP...
The following line appears in my "inrules" file,
which was compiled into a cdb...

    209.244.137.13:deny

    tcprules inbound.cdb inbound.tmp < inrules

There are other lines in there of course, but this
is/was at the top and should have been read and
executed immediately, right?
There is nothing wrong w/ the tcpserver line.
It works to prevent connection from other IPs
blocked w/ denies. It just seems that in this case
(and in a previous attack) that the spam, which is
disguised as a bounce, (no "from" info) slips past
tcpserver, perhaps because qmail considers the
mail to be from the person receiving the mail
instead of being from the spammer(?)
I don't mind being terribly wrong w/ my hypothesis;
that's why I'm not calling it a theory.
Michael Boyiazis -----
[EMAIL PROTECTED]
NetZero
Mail/Sys/Network Admin
> -----Original Message-----
> From: Ronny Haryanto [mailto:[EMAIL PROTECTED]]
> Sent: Monday, June 12, 2000 9:02 PM
> To: [EMAIL PROTECTED]
> Subject: Re: spam dissguised as bounce
>
>
> On 12-Jun-2000, Michael Boyiazis wrote:
> > I've tried putting that IP in my tcprules file (bad-guy-IP:deny)
> > but still the mail gets through.
>
> Be more specific. Which file? Have you recreated the cdb file? How
> does the mail get through? From which IP? Is the IP blocked by your
> rules? What do the logs say?
>
> Ronny