[SATLUG] Possible Email Attacks
Daniel J. Givens
daniel at rugmonster.org
Tue Nov 13 13:25:46 CST 2007
Brad Taylor wrote:
> It looks like my server is rejecting the connection as it should,
> but I had a question about blocking this before it gets to the server.
> I traced the IP back to an Asia-Pacific area according to ARIN. If I
> put a block on the IP address in IPTABLES would that be a wise decision?
This is extremely common. One server that I run collects about 5MiB
worth of mail logs a day and 99.999% of that is from rejects. It is
absolutely nothing to worry about because there isn't much more you can
do about it than you already are. You could think about using some
good blacklists and dropping the verbosity on your logs, but that's not
necessary and could hurt you more than help in the end.
SMTP is one of those services that you need to have open since it's
hardly likely you know each and every server that's going to be sending
you mail. If you start blocking whole sections of the Internet, you
might block legit mail from getting to you. That's a decision you should
make for yourself. What matters is that you're not an open relay for the
bots.