Re: [swinog] Contacts Swissonline / Hispeed

2004-02-10 Thread Oliver Hitz
On 10 Feb 2004, Robert Meyer wrote: that's exactly what we are about to implement at the moment. Unfortunately, it will take some more time, until we have tested and set up everything. Besides what would you suggest for such a small one-purpose daemon (we are currently examining Turnaway from

Re: [swinog] Contacts Swissonline / Hispeed

2004-02-10 Thread Andre Oppermann
Daniel Lorch wrote: hi, | If you don't have enough capacity to do the 5xx errors on the main | mail servers then set up another (small) machine and redirect (instead | of blocking) all connections to that box and let it emit 5xx errors. |

Re: [swinog] Contacts Swissonline / Hispeed

2004-02-10 Thread Andre Oppermann
Daniel Lorch wrote: hi, | | If you don't have enough capacity to do the 5xx errors on the main | | mail servers then set up another (small) machine and redirect (instead | | of blocking) all connections to that box and let it emit 5xx

Re: [swinog] Contacts Swissonline / Hispeed

2004-02-10 Thread Andre Oppermann
Robert Meyer wrote: Hi, On Mon, Feb 09, 2004 at 10:15:22PM +0100, Andre Oppermann wrote: Daniel Lorch wrote: Robert, | From 217.26.52.23: | Trying 62.2.95.11... | Connected to mx.hispeed.ch. | Escape character is

Re: [swinog] Contacts Swissonline / Hispeed

2004-02-10 Thread Daniel Lorch
hi | You don't have to use NAT for that. There are far more clever | ways of redirecting. enlighten me. daniel

Re: [swinog] Contacts Swissonline / Hispeed

2004-02-10 Thread Daniel Lorch
hi ok, improved version 1. our fake smtpd server, save as smtpd.sh #!/bin/sh echo '220 mx.hispeed.ch ESMTP' read input echo '550 Not today, spam-dude' exit 0 2. inetd.conf (or use it with daemontools/ucspi-tcp) 1025 stream tcp nowait nobody /path/to/smtpd.sh 3.

Re: [swinog] Contacts Swissonline / Hispeed

2004-02-10 Thread Daniel Lorch
hi that's exactly what we are about to implement at the moment. Unfortunately, it will take some more time, until we have tested and set up everything. Besides what would you suggest for such a small one-purpose daemon (we are currently examining Turnaway from

Re: [swinog] Contacts Swissonline / Hispeed

2004-02-10 Thread Daniel Lorch
hi, |How about tcpserver from http://cr.yp.to/ucspi-tcp.html | | tcpserver -H 0 25 echo 451 Go away | | | Be careful, not every mail server accepts such an answer in | the greeting string. You have to provide 5xx answers to | mail from attempts as

Re: [swinog] Contacts Swissonline / Hispeed

2004-02-10 Thread Andre Oppermann
Daniel Lorch wrote: hi ok, improved version 1. our fake smtpd server, save as smtpd.sh #!/bin/sh echo '220 mx.hispeed.ch ESMTP' read input echo '550 Not today, spam-dude' exit 0 There are many mailservers out there which do not recognize a 550 in the HELO/EHLO

Re: [swinog] Contacts Swissonline / Hispeed

2004-02-10 Thread Daniel Lorch
hi, There are many mailservers out there which do not recognize a 550 in the HELO/EHLO answer. They will only give up when they get a 550 on either the MAIL FROM or RCPT TO command. I think we're getting there. Here is an improved version with just one caveat: When run through inetd it doesn't

Return 550 was: [Re: [swinog] Contacts Swissonline / Hispeed]

2004-02-10 Thread Maik Kuendig
Hello, Daniel Lorch [EMAIL PROTECTED] wrote: Not sure where to look for the bug. When executed manually this problem does not show up. Any bash/inetd-gurus here? :) Not really a guru, but I have gotten it to run on OpenBSD3.4/alpha/current, but I had to change some things. The problem was that

Re: [swinog] Contacts Swissonline / Hispeed

2004-02-09 Thread Daniel Lorch
Robert, | From 217.26.52.23: | Trying 62.2.95.11... | Connected to mx.hispeed.ch. | Escape character is '^]'. | 220 mx.hispeed.ch ESMTP Sendmail 8.12.6/8.12.6/tornado-1.0; Thu, 29 Jan | 2004 15:53:30 +0100 | | From 217.26.52.15: | Trying 62.2.95.11...

Re: [swinog] Contacts Swissonline / Hispeed

2004-02-09 Thread Andre Oppermann
Daniel Lorch wrote: Robert, | From 217.26.52.23: | Trying 62.2.95.11... | Connected to mx.hispeed.ch. | Escape character is '^]'. | 220 mx.hispeed.ch ESMTP Sendmail 8.12.6/8.12.6/tornado-1.0; Thu, 29 Jan | 2004 15:53:30 +0100 | | From

Re: [swinog] Contacts Swissonline / Hispeed

2004-02-09 Thread Andre Oppermann
Andre Oppermann wrote: Daniel Lorch wrote: Robert, | From 217.26.52.23: | Trying 62.2.95.11... | Connected to mx.hispeed.ch. | Escape character is '^]'. | 220 mx.hispeed.ch ESMTP Sendmail 8.12.6/8.12.6/tornado-1.0; Thu, 29 Jan

Re: [swinog] Contacts Swissonline / Hispeed

2004-02-09 Thread Markus Wild
Now the users think their mails have been successfully delivered because they won't receive a bounce mail until the mail expires in the queue (1 week). Quite frankly, that sucks. Uhm, normally they should get warning mails in between, unless you have changed common settings? At least that

Re: [swinog] Contacts Swissonline / Hispeed

2004-02-09 Thread Oliver Hitz
On 09 Feb 2004, Daniel Lorch wrote: Now the users think their mails have been successfully delivered because they won't receive a bounce mail until the mail expires in the queue (1 week). Quite frankly, that sucks. Is it still necessary to keep mails in the queue for one week nowadays? User

Re: [swinog] Contacts Swissonline / Hispeed

2004-02-09 Thread Daniel Lorch
hi, | If you don't have enough capacity to do the 5xx errors on the main | mail servers then set up another (small) machine and redirect (instead | of blocking) all connections to that box and let it emit 5xx errors. | That can be a very small and fast

Re: [swinog] Contacts Swissonline / Hispeed

2004-02-09 Thread Daniel Lorch
hi, | | If you don't have enough capacity to do the 5xx errors on the main | | mail servers then set up another (small) machine and redirect (instead | | of blocking) all connections to that box and let it emit 5xx errors. | | That can be a very small

Re: [swinog] Contacts Swissonline / Hispeed

2004-01-29 Thread Stanislav Sinyagin
Hello Robert, Is there a legal investigation aiming to track the attackers down, and can we expect publishing of the investigation results? Is Cablecom the only target, or have other ISPs experienced the same attacks? Thanks for your cooperation, Stanislav --- Robert Meyer [EMAIL PROTECTED]

RE: [swinog] Contacts Swissonline / Hispeed

2004-01-29 Thread Fabian Uebersax
EHLO, Is Cablecom the only target, or have other ISPs experienced the same attacks? We're experiencing such large attacks every few weeks and there's not much you can do against it. The attackers use open proxies and infected home PCs to connect to the MTAs, each connection only scans for a

Re: [swinog] Contacts Swissonline / Hispeed

2004-01-29 Thread Robert Meyer
On Thu, Jan 29, 2004 at 04:19:36PM +0100, Markus Gebert wrote: In this situation, we had to start blocking IP-Ranges to guarantee the mailservice. We tried to block only dynamically assigned IP addresses, to minimize the impact on other users. Unfortunately, this was not always