Hi to all I am fight with a DDOS based in smtp mail.
I am using Debian 7.7 x86 and Shorewall-4.5.5.3
I am getting errors to my domain trying to send mail every second or more.
2015-02-24 10:25:21 H=([58.187.161.220]) [58.187.161.220] sender verify
fail for <[email protected]>: Unrouteable address
2015-02-24 10:25:21 H=([58.187.161.220]) [58.187.161.220] F=<
[email protected]> rejected RCPT <[email protected]>:
Sender verify failed
2015-02-24 10:25:21 unexpected disconnection while reading SMTP command
from ([58.187.161.220]) [58.187.161.220] (error: Connection reset by peer)
At the begining use fail2ban to ban the concurrent conexion but the bad
people learn to not make the same conexion more than one. :-(
All the ipaddres are listed in DNSbl and I can use a simple script to test
if this conexion is listed in DNSBL (using a internal program to cache
every ip).
My intencion are:
Every conexion that is made shorewall launch the script or the rule if is
listed in DNSBL-Drop if not allow to connect to the mailserver.
Shorewall has this funcionalty? because I search in the documentation and I
don't find any similar only the blacklist funcionality.
Regards and thanks for the responses.
------------------------------------------------------------------------------
Dive into the World of Parallel Programming The Go Parallel Website, sponsored
by Intel and developed in partnership with Slashdot Media, is your hub for all
things parallel software development, from weekly thought leadership blogs to
news, videos, case studies, tutorials and more. Take a look and join the
conversation now. http://goparallel.sourceforge.net/
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
