[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Mail relay attempts



On Tue, Aug 27, 2002 at 06:12:51AM -0500, Daniel J. Rychlik wrote:
> This is great, Just great.  I run a mail server on dsl service
> provided by mabell.  I wrote a perl script that mails me some reports
> on activities on my server everyday.  I wake up this morning and I
> have an alarm.
> Obviously, non of these were relayed from my server because there are
> only 2 private ip addresses that can use my server to relay mail. 
> But, alas I am bothered by these attempts and I hope that I can snip
> this in the bud quick.  
> 
> Any suggestions would be of great importance and taken seriously.
> Please advise.

you have an SMTP server, therefore spammers *will* attempt to relay mail
through it.  guaranteed.  sometimes only a few times per day, sometimes
hundreds or thousands of attempts per day.  get used to it.

fortunately, your server sounds like it is not an open relay - you've
done the right thing.

there's nothing more you can do.  you can't stop them trying.  you've
already done a good job in preventing them from relaying through you.




btw, if your DSL service gives you a dynamic IP address you will end up
on various DUL-type RBLs anyway.  some mail-server operators do not want
to receive mail direct from dynamic IP addresses.  it's their server,
their choice.

craig

PS: actually, the only other thing you could do is set firewall rules
blocking inbound tcp port 25.  if your mail server is the primary MX for
your domain then you would also need a secondary MX and open the
firewall for just that machine.  spammers will still try - the only real
difference is that you'll get entries in your kernel log rather than in
your mail log.  if you do this, i recommend using iptables and DROP the
packet rather than REJECT it....this wastes the spammer's time while the
connection times out.

the downside to doing this is that spammers can relay spam to you via
your secondary MX, in order to get around any local access rules you
have.  e.g.  if you use a particular RBL service and your secondary MX
doesn't, then you may as well not bother using the RBL.

IMO, it's not worth having a secondary MX host unless either a) you
control your secondary MX or b) your secondary MX has at least as good
an anti-spam setup as you do.


-- 
craig sanders <cas@taz.net.au>

Fabricati Diem, PVNC.
 -- motto of the Ankh-Morpork City Watch



Reply to: