
Blocking dynamic ip's connecting to port 25

SRMobile
Just Arrived

Joined: 03 Oct 2005
Posts: 0
Location: Montreal

Posted: Mon Oct 03, 2005 6:26 pm    Post subject: Blocking dynamic ip's connecting to port 25

Hello,

I'm being hammered by bots and I'm sick of it. I'm looking for a program that will check to see if a user connecting to port 25 is in a dynamic IP range.

My server is processing 10's of 1000's of spam messages a day for a small organization.

Any help would be greatly appreciated!



How are you guys handling these bots/spiders etc.?
larsmhansen
Trusted SF Member

Joined: 11 Jan 2003
Posts: 0
Location: Boston, MA, USA

Posted: Mon Oct 03, 2005 6:37 pm

There's really no way your mail server can know whether another computer has its IP address assigned one way or the other; that information is just not available.

However, what many people do (including myself) is to configure their mail servers to use so-called blacklists. I am currently using spamhaus.org for my blacklist, and that blocks out a large amount of spam every day.

Most newer mail servers do support this one way or the other; however, since you don't say what server you are running, I can't provide any specific information.
SRMobile
Just Arrived

Joined: 03 Oct 2005
Posts: 0
Location: Montreal

Posted: Mon Oct 03, 2005 6:42 pm

I'm using 6 black lists already; the problem I have with this is that I'm using my bandwidth to process these bogus emails. Even then, I still get a lot of spam trickling through.

Right now I'm using Mail Essentials for Exchange (ME11) from gfi.com. I know there are lists out there that list dynamic IP ranges; I just need something that will check to see if it's on the list and reject a connection to port 25 if they're on it.

As it is now, I have a Linksys that will forward to my gateway server from port 25 to port 30. Trend Micro E Virus wall scans the email for a virus and then sends it to port 25 where ME11 is running, then to my Exchange server.
ryansutton
Trusted SF Member

Joined: 25 Aug 2004
Posts: 67
Location: San Francisco, California

Posted: Mon Oct 03, 2005 6:52 pm

There are companies that claim to maintain lists of dynamic IP pools. You can google them, but here are a few:

http://www.njabl.org/

http://www.us.sorbs.net/faq/dul.shtml
AdamV
SF Mod

Joined: 06 Oct 2004
Posts: 24
Location: Leeds, UK

Posted: Mon Oct 03, 2005 7:56 pm

SRMobile wrote:
I'm using 6 black lists already; the problem I have with this is that I'm using my bandwidth to process these bogus emails.


What kind of black lists are these? Ideally you need to be doing a reverse DNS lookup against something like Spamhaus' RBL. This way you don't process any emails from blacklisted addresses, so your bandwidth is not taken up by anything except the initial request to make an SMTP connection. This is still an overhead. If you can't cope with this at all, maybe you could offload the problem to an external service provider to scan for the most obvious spam and virus stuff. This costs, but if your bandwidth is a real problem maybe it's worth it.
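Added example (not part of the original thread): the connect-time blacklist check discussed in the posts above, where the client IP is turned into a DNS query name and the connection is refused before any message data is received. The zone names, the `fake_resolver` helper and the sample listing are constructed placeholders, not real list data.

```python
import ipaddress
import socket

# Hypothetical zone names (assumptions); use the zones your list operators document.
ZONES = ["dul.dnsbl.example.org", "sbl.dnsbl.example.org"]
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")  # DNSBL "listed" answers live here

def dnsbl_query_name(ip, zone):
    """Reverse the address labels and append the zone (RFC 5782 query format)."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = reversed(str(addr).split("."))            # octets, last first
    else:
        labels = reversed(addr.exploded.replace(":", ""))  # 32 nibbles, last first
    return ".".join(labels) + "." + zone

def system_resolver(name):
    """A records for name; [] on NXDOMAIN or any lookup failure."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def check_client(ip, zones=ZONES, resolve=system_resolver):
    """Decide on an SMTP client IP at connect time, before any message data."""
    for zone in zones:
        answers = resolve(dnsbl_query_name(ip, zone))
        # Only 127.0.0.0/8 answers mean "listed"; other answers (wildcarded or
        # expired zone) and lookup failures fail open so real mail is not lost.
        hits = [a for a in answers if ipaddress.ip_address(a) in LISTED_NET]
        if hits:
            return ("reject", f"554 5.7.1 {ip} listed in {zone} ({hits[0]})")
    return ("accept", "not listed")

# Constructed sample data: 192.0.2.45 (documentation range) plays a listed
# dial-up address; no real list is queried.
FAKE_ZONE_DATA = {"45.2.0.192.dul.dnsbl.example.org": ["127.0.0.10"]}

def fake_resolver(name):
    return FAKE_ZONE_DATA.get(name, [])

if __name__ == "__main__":
    for client in ("192.0.2.45", "192.0.2.46"):
        print(client, check_client(client, resolve=fake_resolver))
```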
SRMobile
Just Arrived

Joined: 03 Oct 2005
Posts: 0
Location: Montreal

Posted: Tue Oct 04, 2005 12:07 am

ryansutton wrote:

http://www.us.sorbs.net/faq/dul.shtml


I had googled them earlier before I had posted. I started using them as a DNSBL and got results immediately.

Eliza wrote:
What kind of black lists are these? Ideally you need to be doing a reverse DNS lookup against something like Spamhaus' RBL.


Spamhaus and SpamCop are 2 I can think of off the top of my head. Like I mentioned earlier, I'm using GFI ME11 http://www.gfi.com/mes/ .


Eliza wrote:
If you can't cope with this at all, maybe you could offload the problem to an external service provider to scan for the most obvious spam and virus stuff. This costs, but if your bandwidth is a real problem maybe it's worth it.


Well, I looked into this option as well. However, I don't think it would solve the problem because I would change my MX record to point to my ISP or whoever, then they would send it to me. The fact is that I still have a static IP on a list somewhere and people will continue to hammer away.

I'm just surprised there isn't software readily available that will take care of this; I can't be the only one.

I even contacted my ISP to see if they can block incoming connections from dynamic addresses to port 25. They said they can only block certain addresses I would submit to them. So now, I have to find a list of dynamic IPs and submit.
exiled
Just Arrived

Joined: 03 Jan 2005
Posts: 0
Location: UK

Posted: Wed Oct 05, 2005 11:09 am

Quote:
Well, I looked into this option as well. However, I don't think it would solve the problem because I would change my MX record to point to my ISP or whoever, then they would send it to me. The fact is that I still have a static IP on a list somewhere and people will continue to hammer away.

I really don't see why this is a problem? If another company was to process all your emails for viruses and spam, why would you need to accept connections from any IPs other than that company?
AdamV
SF Mod

Joined: 06 Oct 2004
Posts: 24
Location: Leeds, UK

Posted: Wed Oct 05, 2005 12:25 pm

exiled, that's kind of what I thought, but even if these are not spam mails but port 25 connections produced by a bot, you still have to decline the connection every time, which takes router power.
Only accepting traffic (on 25) from one IP is the right thing to do if you offload your mail filtering, but it does not mean you can't be flooded (even DDoS'ed) by deliberate malicious traffic direct to the external IP of the router.

All times are GMT + 2 Hours