?

Log in

No account? Create an account
penrose orange

stephenw32768


/var/log/stephen

cat /var/log/stephen >/dev/eyes


Taste my packet filter, moron
penrose orange
stephenw32768
I noticed a heavier load on my mail server than normal. Curious, I took a look at the logs. I found a few entries like these:
2003-04-10 16:50:39 recipients refused from cpe-66-1-139-159.ca.sprintbbd.net [66.1.139.159] (RBL list.dsbl.org)
2003-04-10 16:50:52 recipients refused from cpe-66-1-139-159.ca.sprintbbd.net [66.1.139.159] (RBL list.dsbl.org)
2003-04-10 16:51:39 recipients refused from cpe-66-1-139-159.ca.sprintbbd.net [66.1.139.159] (RBL list.dsbl.org)


Translation: someone was trying to send mail to my server, being refused because the IP address is blacklisted by dsbl.org, but retrying over and over in spite of the refusal. This went on for a few minutes. Evidently a really persistant spammer who just wasn't taking "no" for an answer.

So I firewalled his booty.

Any and all IP traffic from 66.1.139.159 now gets thrown away by my firewall. He won't be ignoring any more SMTP refusals, because he won't be getting as far as the mail server.

Mess with me, get firewalled. It's that simple.