September 03, 2003
active smtp firewall using PF

1) because the MTAs you care about follow RFC
2) because bitch spammers spoof and sendmail rejects
3) because anyone trying to relay through me should go away

www.fif3.com/code/listenblock.txt

here's some log examples:
www.fif3.com/code/listenblock.log.txt

check fif3.com/code for the latest version

take ngrep and a list of smtp errors generated by spammers and script kiddie abuse, pass it to a packet filter table and *boom* damn you've got a little protocol aware active smtp firewall. don't forget to precede the blocking of hosts caught by this with a whitelist... just in case. (though i have yet to block anyone who didn't deserve it)

Posted by skp at September 03, 2003 07:32 PM
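The pipeline the post describes (ngrep output, a list of SMTP error replies, a whitelist applied before blocking), sketched as an added example that is not the listenblock script itself. The ngrep header format, the two reply patterns, the `threshold` parameter and the sample capture are assumptions made for illustration.

```python
import ipaddress
import re

# Assumed header format of `ngrep -q -W byline` for packets leaving the MTA.
HEADER = re.compile(r"^T (\d+\.\d+\.\d+\.\d+):25 -> (\d+\.\d+\.\d+\.\d+):\d+")

# Illustrative abuse signals (assumed; not listenblock's own list).
ABUSE_REPLIES = [re.compile(p, re.I) for p in (
    r"^550 .*relaying denied",
    r"^550 .*user unknown",
)]

# Constructed capture: server replies and the clients that received them.
SAMPLE = """\
T 192.0.2.1:25 -> 198.51.100.7:40112 [AP]
550 5.7.1 <victim@example.net>... Relaying denied.
T 192.0.2.1:25 -> 203.0.113.9:51822 [AP]
250 2.1.0 <a@example.org>... Sender ok
T 192.0.2.1:25 -> 198.51.100.7:40112 [AP]
550 5.1.1 <nobody@example.com>... User unknown
T 192.0.2.1:25 -> 192.0.2.50:33001 [AP]
550 5.7.1 <x@example.net>... Relaying denied.
""".splitlines()


def offenders(ngrep_lines, whitelist, threshold=1):
    """Return client IPs that drew >= threshold abuse replies, minus whitelist."""
    nets = [ipaddress.ip_network(n) for n in whitelist]
    hits = {}
    client = None
    for line in ngrep_lines:
        m = HEADER.match(line)
        if m:
            client = m.group(2)  # the reply is addressed to the SMTP client
        elif client and any(p.search(line) for p in ABUSE_REPLIES):
            hits[client] = hits.get(client, 0) + 1
    blocked = [
        ip for ip, n in hits.items()
        if n >= threshold
        and not any(ipaddress.ip_address(ip) in net for net in nets)
    ]
    return sorted(blocked, key=ipaddress.ip_address)


if __name__ == "__main__":
    # One address per line, the form `pfctl -t <table> -T replace -f <file>` reads.
    print("\n".join(offenders(SAMPLE, whitelist=["192.0.2.0/24"])))
```

Raising `threshold` above 1 keeps a single mistyped recipient from a legitimate sender out of the table.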
Comments

They should actually change this line:
pfctl -t blacklist_smtp -T replace -f /etc/blacklist.smtp 1>/dev/null 2>/dev/null

To this:
pfctl -t spamd -T add -f /etc/blacklist.smtp 1>/dev/null 2>/dev/null

And then run OpenBSD's spamd (not to be confused with SA spamd)
Add a line like this in pf.conf:
rdr inet proto tcp from to any port smtp -> 127.0.0.1 port 8025

And then instead of just getting a friendly RST they get
2.2.0 .....

Muhahahahaha

Posted by: Steve on March 24, 2004 01:34 PM

My previous comment had some things in gt's and lt's, which got eaten by the posting system.

See the man pfctl and man 8 spamd for details.

Posted by: steve on March 24, 2004 01:37 PM