On Aug 29, 2007, at 4:50 AM, Júlio Olivares wrote:
Some months ago somebody from Brazil developed a virus that uses my free e-mail service to send information. The accounts had been disabled but I still got *thousands* of connections per hour that are rejected by the CHKUSER patch. I'm looking for a way to get ride of these connections. I'm trying to implement a solution that uses iptbales to drop connections from ips trying to send mail from these accounts. I don't know if there's a better way, this was the first thing that occured me. Because I'm not into C programming I don't know how to do it, any sugestions please ?
On my system, I have a Perl script that watches the log files for qmail-smtpd. It adds chkuser and simscan log entries to databases, and keeps a live blacklist of people spamming the server.
You could do something similar, and if an IP used one of the bad accounts you could at it to tcp.smtp so qmail-smtpd would reject further connections.
-- Tom Collins - [EMAIL PROTECTED] Vpopmail - virtual domains for qmail: http://vpopmail.sf.net/ QmailAdmin - web interface for Vpopmail: http://qmailadmin.sf.net/
