Results 1 to 3 of 3

Thread: Cutting off all access

  1. #1
    Junior Member
    Join Date
    May 2001
    Posts
    82

    Cutting off all access

    specs: Rh 6.2 server running (amongst other things) an ipchains firewall.

    There is a foreign company (?) that has been spamming the users of my church network. That's partly our fault, we used to have a page with contact email addresses. Once we figured out where the spams were coming from, and that the addresses were harvested from our contact page, we removed the page. But, because (s)he already had our addresses, we still get spam. Now, this entity has resorted to attempting to spam other domains using our server. The spam attempt fails, as our mail agent does not allow relaying.

    Now, what I would like to know, is there a way through ipchains that I can deny all access from that specific domain? I can probably trace the numeric ip address through Netcraft, but I'm wondering if there is a way to encode alpha-numeric domains into ipchains. For example:
    Code:
     ...  xyz.com -j DENY -l
    Or, should I code the numeric IP address in the chain?

    Or, is this not realistic to begin with?

    The spam we were receiving was bearable (ok, it wasn't, but it could be ignored and deleted.) Now, resorting to relaying mail through our server has caused me to draw the line; and I want to cut off all access.

    Any thoughts would be great.

    Thanks.

  2. #2

    Re:Cutting off all access

    You could probably do it with bash scripting. For instance, grep or cut their IPs from dig or nslookup and then pass that value to a variable to use within the specific chain in your script. You'll probably need to do a lookup of their mx records before you can block the appropriate IP addy. If you re-execute the script periodically with cron, it should reflect any address changes on their end. Actually, none of this may work at all, but it's how I would initially approach the situation. You also may be able to config something with your MTA (sendmail, postfix, etc) to achieve the same result a lot easier and cleaner. In fact, I would see what can be accomplished by configing your MTA before I tried to write some kind of crazy script.

  3. #3
    Junior Member
    Join Date
    May 2001
    Posts
    82

    Re:Cutting off all access

    Thanks tolstoy. You gave me a good idea. (My last resort was to write a script.) While digging around the sendmail pages I found:

    http://www.sendmail.org/m4/anti-spam.html

    which looks like it will do the trick. I guess I'll have to learn some sendmail programming/configuring.


Similar Threads

  1. cant access ftp
    By mojo jojo in forum Linux - Hardware, Networking & Security
    Replies: 17
    Last Post: 10-20-2005, 04:44 PM
  2. Can't Access LAN Web Server
    By omnivore in forum Linux - General Topics
    Replies: 3
    Last Post: 01-21-2005, 06:08 AM
  3. problems with irc access
    By Bogler in forum Linux - Hardware, Networking & Security
    Replies: 4
    Last Post: 12-18-2002, 05:15 PM
  4. Cant access internet
    By chipset35 in forum Linux - Hardware, Networking & Security
    Replies: 8
    Last Post: 07-15-2002, 03:22 PM
  5. Access Denied
    By NewGuy in forum Linux - General Topics
    Replies: 3
    Last Post: 06-09-2002, 07:32 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •