HELP! Someone is bombarding my SMTP port

john_biggs · 03-18-2002, 01:16 PM

:smash:
Hello, all,

This is driving me crazy. We have someone trying to send SMTP traffic over our postfix. It's all being rejected, but I can't shut him out entirely via the firewall. He's sending the requests in about 100 email bursts and it's clogging our pipes but good.

Has anyone seen this? Any suggestions?

I'd like to go huntin', but I can't find his IP in any of my logs. Am I missing something?

JB

john@bigwidelogic.com

saavik · 03-18-2002, 01:46 PM

what are you doing with your server?
is it a webserver? are you hosting some websites?
if not:

why don`t you just get a new ip form your isp by reconnecting to the internet?

if so:

what does your firewall - log tell you?
when i get some scans or connects on my firewall i can always see the ip of the other guy!

who did you give the ip of your server? perhaps someone with is allowed to connect to your server has a windows (sh**) pc client and is is bad configured......

so what ?

KayJay · 03-19-2002, 07:31 AM

if this sob is packeting u with the same IP(static), write some chains to your firewall where u deny all traffic from IP xxx.xx.xx.xxx to the SMTP port

john_biggs · 03-19-2002, 08:48 AM

I believe I got the bugger.
Thanks for all the help, all.

JB

saavik · 03-19-2002, 01:35 PM

so what was it and how did you solve the problem?

john_biggs · 03-19-2002, 01:41 PM

I found his ip in one of the messages he was attempting to send and locked him out. It was really strange. I'm going to try to do a full post-mortem later.

saavik · 03-19-2002, 02:08 PM

it would be kind if you would find the time to write how you manage to kick the stranger out of you system.