Operating System - HP-UX

Re: How do I block aol users from port 25

 
SOLVED
Steven E. Protter
Exalted Contributor

How do I block aol users from port 25

I have had a problem where aol users telnet into my server on port 25.

They then use smtp commands to send spam.

I've closed it up pretty much by tightening virtual domain rules but I tried this.

mailservers.aol.com OK #accept mail from valid aol mail servers

...
# list all valid mail servers from http://postmaster.aol.com

@aol.com 550 Spammer only accept mail from valid aol mail servers

aol.com 550 Spammer only accept mail from valid aol mail servers

This setup in my access file causes all aol mail to be rejected.

Is there a way to configure sendmail to only accept mail from my valid aol mail server list and none other?

Please post. If you post it and it works that's a bunny.

Is there a way to configure a firewall to do the same thing?

ipfilter and/or iptables (Linux) config that works is good for a bunny. I don't think either resolves hostnames which makes it kind of useless.

If I find this works I'm going to configure my systems and publish the methodology for the top 10 ISPs in the US.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
19 REPLIES
Geoff Wild
Honored Contributor

Re: How do I block aol users from port 25

Did you try my "forgeries" idea:

SIsAol
R$* aol.com $* $@ OK
R$* $#error $: "550 Access Denied. Forgeries are disallowed."

SLocal_check_mail
R$* aol.com $* $: $>IsAol $&{client_name}

What it means is, if the mail does not come from aol.com - then it won't go through.

Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
Paula J Frazer-Campbell
Honored Contributor

Re: How do I block aol users from port 25

Hi

These do work

1. In /etc/services remove port 25.
2. Unplug network cables.
3. Remove internet connectivity and use a windoze machine as mail server.


Paula
If you can spell SysAdmin then you is one - anon
Steven E. Protter
Exalted Contributor

Re: How do I block aol users from port 25

An excellent suggestion.

The problem is that the spammers are using aol dial up accounts.

The traffic is valid port 25 traffic from aol's network.

It's just not from a mail server.

SEP
Steven E. Protter
Exalted Contributor

Re: How do I block aol users from port 25

Here is the error:


Feb 6 12:12:15 jerusalem sendmail[30800]: i16ICAj30800: ruleset=check_relay, arg1=imo-m05.mx.aol.com, arg2=64.12.136.8, relay=imo-m05.mx.aol.com [64.12.136.8], reject=550 5.0.0 Spam.Only valid aol mail servers.$1000 fee applies
Feb 6 12:12:15 jerusalem sendmail[30800]: NOQUEUE: imo-m05.mx.aol.com [64.12.136.8] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA


Is there a way I can fix this?

Looks like two issues. The MAIL/EXPN/VRFY/ETRN is probably a result of my having run Bastille on the system last night. Looks like I should have answered that question differently.

SEP
Steven E. Protter
Exalted Contributor

Re: How do I block aol users from port 25

That was a great joke Paula.

It was a joke, right?

I would never trust a Windows machine for that job.

SEP
Geoff Wild
Honored Contributor

Re: How do I block aol users from port 25

Okay, what about just blocking all the aol.com except for:

mailin-01.mx.aol.com internet address = 64.12.138.152
mailin-01.mx.aol.com internet address = 205.188.156.185
mailin-01.mx.aol.com internet address = 205.188.158.121
mailin-01.mx.aol.com internet address = 205.188.159.57
mailin-01.mx.aol.com internet address = 205.188.159.249
mailin-01.mx.aol.com internet address = 64.12.137.89
mailin-01.mx.aol.com internet address = 64.12.137.184
mailin-01.mx.aol.com internet address = 64.12.138.57
mailin-02.mx.aol.com internet address = 64.12.137.184
mailin-02.mx.aol.com internet address = 64.12.138.89
mailin-02.mx.aol.com internet address = 64.12.138.120
mailin-02.mx.aol.com internet address = 205.188.156.185
mailin-02.mx.aol.com internet address = 205.188.158.121
mailin-02.mx.aol.com internet address = 205.188.159.57
mailin-02.mx.aol.com internet address = 64.12.137.89

in the /etc/mail/access file...

I think this would work?

aol.com reject
mailin-01.mx.aol.com OK
...etc

Rgds...Geoff


Steven E. Protter
Exalted Contributor

Re: How do I block aol users from port 25

That's what I thought I tried, straight off the sendmail.org site.

http://www.sendmail.org/m4/anti_spam.html

Produces the error messages above.

Perplexing.

I need to back off on the Bastille changes and try this again.

SEP

Geoff Wild
Honored Contributor
Solution

Re: How do I block aol users from port 25

I'm testing the following in my access file:

aol.com ERROR:"550 - we do no accept mail from AOL dial up users directly..."
mailin-01.mx.aol.com OK
mailin-02.mx.aol.com OK
mailin-03.mx.aol.com OK
mailin-04.mx.aol.com OK

I don't know any aol users... so it may be a while before I see a legitimate email from them :)

Rgds...Geoff
Geoff Wild
Honored Contributor

Re: How do I block aol users from port 25

Cool - nabbed the first culprit already!!!

Feb 6 11:51:19 dune sendmail[5563]: ruleset=check_relay, arg1=rly-ip05.mx.aol.com, arg2=64.12.138.9, relay=rly-ip05.mx.aol.com [64.12.138.9], reject=550 5.0.0 - we do no accept mail from AOL dial up users directly...


Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
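
Added example (not part of any post in this thread): a small audit that replays the two check_relay rejections logged above against the access entries from the solution post, to show which key produced each 550. It assumes a simplified model of the access lookup order (full hostname, then parent domains, then the IP address and its octet prefixes, without Connect: tags); the function names are hypothetical.

```python
import re

# Access entries as posted in the solution post (action text shortened to ERROR).
ACCESS = {
    "aol.com": "ERROR",
    "mailin-01.mx.aol.com": "OK",
    "mailin-02.mx.aol.com": "OK",
    "mailin-03.mx.aol.com": "OK",
    "mailin-04.mx.aol.com": "OK",
}

# check_relay reject lines copied from the thread.
LOG = """\
Feb 6 12:12:15 jerusalem sendmail[30800]: i16ICAj30800: ruleset=check_relay, arg1=imo-m05.mx.aol.com, arg2=64.12.136.8, relay=imo-m05.mx.aol.com [64.12.136.8], reject=550 5.0.0 Spam.Only valid aol mail servers.$1000 fee applies
Feb 6 11:51:19 dune sendmail[5563]: ruleset=check_relay, arg1=rly-ip05.mx.aol.com, arg2=64.12.138.9, relay=rly-ip05.mx.aol.com [64.12.138.9], reject=550 5.0.0 - we do no accept mail from AOL dial up users directly...
"""

def candidates(host, ip):
    """Keys tried in order (assumed model): host, parent domains, IP, IP prefixes."""
    labels = host.lower().split(".")
    keys = [".".join(labels[i:]) for i in range(len(labels))]
    octets = ip.split(".")
    keys += [".".join(octets[:n]) for n in range(len(octets), 0, -1)]
    return keys

def lookup(host, ip, access=ACCESS):
    """Return (matched_key, action) for the first key present, else (None, None)."""
    for key in candidates(host, ip):
        if key in access:
            return key, access[key]
    return None, None

REJECT = re.compile(r"ruleset=check_relay, arg1=([^,\s]+), arg2=([^,\s]+),.*reject=")

def audit(log=LOG, access=ACCESS):
    """For each rejected relay in the log, report the access key that decided it."""
    results = []
    for line in log.splitlines():
        m = REJECT.search(line)
        if m:
            host, ip = m.group(1), m.group(2)
            results.append((host, ip) + lookup(host, ip, access))
    return results

if __name__ == "__main__":
    for host, ip, key, action in audit():
        print(f"{host} [{ip}] matched '{key}' -> {action}")
```

Both logged relays sit under mx.aol.com but are not among the listed mailin-0N hosts, so in this model they fall through to the aol.com entry. Running the same audit over a full maillog lists every *.mx.aol.com host the allow-list is currently turning away.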