[Shorewall-users] Harvesting and Dictionary attacks

Tom Eastep teastep at shorewall.net
Wed Feb 9 20:04:52 PST 2005


Mike Lander wrote:
>>>> Terry H. Gilsenan wrote:
>>>>
>>>>
>>>>>> excuse me Mike but IMHO SMTP security has nothing to do with
>>>>>> shorewall.
>>>>>
>>>>>
>>>>>
>>>>>    Quite the contrary in my opinion, the best place to drop such a
>>>>> connection would be at your Firewall as I am trying to reduce the
>>>>> bandwidth that spammers use to harvest email addresses.
>>>>>
>>>>> I must say I agree here, SMTP security is for "first time
>>>>> offenders"; for persistent abusers there is "DROP", and that is
>>>>> properly done at the firewall.
>>>>
>>>>
>>>> I also agree. I monitor the output of pflogsumm (Postfix log reporting
>>>> tool that mails me a daily report), and obvious offenders get added to
>>>> my TCP port 25 blacklist. I do that as a manual process.
>>>>
>>>> -Tom
>>>
>>>
>>>
>>> Tom, what happened with the legitimate email coming from the "sometimes
>>> bad" host?
>>> Go nowhere? (Of course it is rejected but..)
>>
>>
>> Trust me -- the addresses I blacklist have never sent one piece of
>> legitimate email.
>>
>>
>>> IMHO running an SMTP server is sometimes a big PITA. :P
>>
>>
>> Definitely. I forward all outgoing email through my ISP because sending
>> it directly is just too much hassle.
>>
>> -Tom
> 
> 
> 
>    After Tom's post I realized it is not that much trouble to just pull
> the IPs out of the mail logs and blacklist them in shorewall/blacklist.
> But Tom gave me an idea, since I use I-mail, I found a log analyzer to
> make things easier, that way I can add a bunch of IPs at once.
>    It would be neat if you could do this dynamically, but it would
> require some coding.
> 

And it is code that I have no interest in writing.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep at shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
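
The manual workflow discussed in this thread (pull repeat offenders out of the mail log, then list them in the Shorewall blacklist for TCP port 25), as an added example that is not code from any poster or from the Shorewall project. It assumes Postfix-style smtpd reject lines and the ADDRESS/SUBNET PROTOCOL PORT column layout of /etc/shorewall/blacklist; the sample log lines, the threshold and the trusted networks are constructed.

```python
import ipaddress
import re
from collections import Counter

# Postfix smtpd reject for a nonexistent recipient (assumed log format).
REJECT = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: RCPT from \S*\[(?P<ip>[0-9.]+)\]: "
    r"550 .*?User unknown"
)

def _reject(ip, rcpt):
    """Build one constructed sample log line (not real traffic)."""
    return (f"Feb  9 03:12:41 mail postfix/smtpd[2101]: NOQUEUE: reject: "
            f"RCPT from unknown[{ip}]: 550 <{rcpt}@example.org>: Recipient "
            f"address rejected: User unknown in local recipient table; "
            f"from=<a@b.invalid> to=<{rcpt}@example.org> proto=SMTP helo=<pc>")

SAMPLE_LOG = "\n".join(
    ["Feb  9 03:12:40 mail postfix/smtpd[2101]: connect from unknown[203.0.113.45]"]
    + [_reject("203.0.113.45", u) for u in ("adam", "alan", "albert")]  # dictionary run
    + [_reject("198.51.100.7", "tmo")]                                  # single typo
    + [_reject("192.0.2.10", u) for u in ("a", "b", "c")]               # own relay
)

def harvesters(log_text, threshold=3, trusted=("127.0.0.0/8",)):
    """Return IPs with at least `threshold` unknown-recipient rejects."""
    nets = [ipaddress.ip_network(n) for n in trusted]
    counts = Counter()
    for line in log_text.splitlines():
        m = REJECT.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group("ip"))
        except ValueError:      # malformed address in the log line
            continue
        if any(ip in n for n in nets):
            continue            # never blacklist hosts you relay for
        counts[str(ip)] += 1
    hits = (ip for ip, n in counts.items() if n >= threshold)
    return sorted(hits, key=ipaddress.ip_address)

def blacklist_lines(ips):
    """Format entries as ADDRESS PROTOCOL PORT, limited to SMTP."""
    return [f"{ip}\ttcp\t25" for ip in ips]

if __name__ == "__main__":
    print("\n".join(blacklist_lines(harvesters(SAMPLE_LOG, trusted=("192.0.2.0/24",)))))
```

Review the output before appending it to the blacklist file; the threshold only separates a single mistyped address from a run of guesses, it does not prove intent.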

