Slashdot Mirror


When Spammers Attack?

Gothmolly asks: "After reading the recent spate of spam and anti-spam articles here on Slashdot, I decided to beef up the anti-spam security on my own domain. I run my own domain and mail server, running Qmail, along with rblsmtpd. Mail that passes this gets hit with Spamassassin. However, one particular spamhaus, Clickformail, has particularly nasty servers; they try at least 2 SMTP connects/second, and I suspect that's only limited by my 384k DSL pipe. The impact on my box was non-zero, to say the least. I ended up putting a packet filter on their class C netblock to stop the barrage of log messages and increase in load (from 0.05 normal to 0.15). Has anyone else experienced such determined spammers, and what is the best way around it?"

4 of 16 comments

  1. Off topic, but still.. by Cpyder · · Score: 3, Informative
    Can't the editors remove the link+name of the spammer? I think it's best we don't give them any hits, as this will encourage them to continue their nasty business.

    Although it would be nice to slashdot them off the net, of course :)

    1. Re:Off topic, but still.. by orangesquid · · Score: 3, Informative

      Just subscribe gil@clickformail.com and sales@clickformail.com to as many spam lists as you can find. In fact, see if you can get them on their own lists! Not that I'm advocating eye-for-an-eye, spam-for-a-spam, but...

      Not that I'm suggesting anything, of course.
      And---why not just block incoming TCP connections on port 25 from their subnet, rather than blocking their whole subnet (or is this what you did, and you were just vague?) (or does your firewall not support this?)

      --
      --TheOrangeSquid Is it any wonder things seem so awry? We swim in a sea of confusion and don't have to think to survive
  2. Simplest solution by njdj · · Score: 3, Informative

    Assuming you're running Linux with a 2.4 kernel or later, adding this to your iptables rules is probably the most effective:

    iptables -A INPUT -s 204.1.28.0/24 -j DROP

    Put it just before the first rule that accepts or logs anything. (I haven't tried it yet - if you're an iptables expert and see a mistake, please post a correction).

  3. Tantalus by ChiefArcher · · Score: 5, Informative

    I wrote a sendmail milter called Tantalus that stops spammers from guessing usernames... Basically if they hit X wrong email addresses on your SMTP server in X amount of time, they are blocked for X number of minutes... It's really fun to watch them guess that 100 or so names they guess and hit the Xth wrong one and just be shut out... :)
    It basically picks up where spamassassin and RBL stop.... It's kinda fun to watch it in debug mode.... and it's free.

    http://www.linuxmailmanager.com/tantalus.html

    ChiefArcher
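
The throttling behaviour described in the Tantalus comment above (X unknown recipients within X seconds earns a block of X minutes) can be sketched as a per-client sliding window. This is an added example, not Tantalus's code and not part of the original thread; the class name, method names, thresholds and returned action labels are all assumptions chosen for illustration.

```python
import time
from collections import defaultdict, deque


class BadRcptLimiter:
    """Block a client IP after max_bad unknown recipients inside `window` seconds."""

    def __init__(self, max_bad=5, window=60.0, block_for=600.0, clock=time.monotonic):
        self.max_bad = max_bad        # the "X wrong addresses" threshold
        self.window = window          # the "X amount of time", in seconds
        self.block_for = block_for    # the "X number of minutes", in seconds
        self.clock = clock            # injectable so the logic can be tested
        self._misses = defaultdict(deque)  # ip -> timestamps of unknown-recipient hits
        self._blocked_until = {}           # ip -> time at which the block expires

    def is_blocked(self, ip):
        until = self._blocked_until.get(ip)
        if until is None:
            return False
        if self.clock() >= until:
            del self._blocked_until[ip]   # block has expired, forget it
            return False
        return True

    def record_rcpt(self, ip, recipient_exists):
        """Decide what to do with one RCPT TO from `ip`.

        Returns "accept", "reject" (unknown user) or "blocked" (client shut out).
        """
        if self.is_blocked(ip):
            return "blocked"
        if recipient_exists:
            return "accept"
        now = self.clock()
        misses = self._misses[ip]
        misses.append(now)
        # Slide the window: discard misses older than `window` seconds.
        while misses and misses[0] <= now - self.window:
            misses.popleft()
        if len(misses) >= self.max_bad:
            self._blocked_until[ip] = now + self.block_for
            misses.clear()
            return "blocked"
        return "reject"
```

In a real milter the "blocked" result would map to a temporary or permanent SMTP failure for every command from that client until the block expires.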