[Dshield] relect=550 actions

Pieter-Bas IJdens pbijdens at emea.mi4.org.uk
Tue Jul 16 10:22:09 GMT 2002


Hello,

Anyone know of a mail server plug-in/add-on (preferably for sendmail, but
any other agent will do) that allows automatic action when a host generates
too many (one? :P) 550 relaying denied errors?

Our internet mail servers have been included (we apparently pissed somebody
off when complaining to an abuse department) on a list of open relays, and
we're getting roughly 1000 relaying attempts a day from some 30 to 50 hosts
at the moment. We would like to automatically block the offending IPs on the
firewall (for some 10 minutes) from some kind of script, and preferably even
automatially generate an e-mail that we can send to the abuse department
later. It would be great if this would automatically happen on the mail
server.

Anyone know of a tool that can do one or more of these things. Manually
doing this for all the hosts that hit us is quite a lot of work.

Also I would greatly apprecate any input concerning legal issues involved in
stopping these people. I expect most of the hosts used are compromized
hosts, and the from addresses clearly indicate this is one party trying to
push its spam over all these different hosts.

Thanks,

  Pieter-Bas

--
Quidquid latine dictum sit, altum viditur




More information about the list mailing list