Operating System - HP-UX

Re: How do I block aol users from port 25

 
Steven E. Protter
Exalted Contributor

How do I block aol users from port 25

I have had a problem where aol users telnet into my server on port 25.

They then use smtp commands to send spam.

I've closed it up pretty much by tightening virtual domain rules but I tried this.

mailservers.aol.com OK #accept mail from valid aol mail servers

...
# list all valid mail servers from http://postmaster.aol.com

@aol.com 550 Spammer only accept mail from valid aol mail servers

aol.com 550 Spammer only accept mail from valid aol mail servers

This setup in my access file causes all aol mail to be rejected.

Is there a way to configure sendmail to only accept mail from my valid aol mail server list and none other?

Please post. If you post it and it works, that's a bunny.

Is there a way to configure a firewall to do the same thing?

An ipfilter and/or iptables (Linux) config that works is good for a bunny. I don't think either resolves hostnames, which makes it kind of useless.

If I find this works, I'm going to configure my systems and publish the methodology for the top 10 ISPs in the US.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Geoff Wild
Honored Contributor

Re: How do I block aol users from port 25

Did you try my "forgeries" idea:

SIsAol
R$* aol.com $* $@ OK
R$* $#error $: "550 Access Denied. Forgeries are disallowed."

SLocal_check_mail
R$* aol.com $* $: $>IsAol $&{client_name}

What it means is, if the mail does not come from aol.com - then it won't go through.

Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
Paula J Frazer-Campbell
Honored Contributor

Re: How do I block aol users from port 25

Hi

These do work

1. In /etc/services remove port 25.
2. Unplug network cables.
3. Remove internet connectivity and use a windoze machine as mail server.


Paula
If you can spell SysAdmin then you is one - anon
Steven E. Protter
Exalted Contributor

Re: How do I block aol users from port 25

An excellent suggestion.

The problem is that the spammers are using aol dial up accounts.

The traffic is valid port 25 traffic from aol's network.

It's just not from a mail server.

SEP
Steven E. Protter
Exalted Contributor

Re: How do I block aol users from port 25

Here is the error:


Feb 6 12:12:15 jerusalem sendmail[30800]: i16ICAj30800: ruleset=check_relay, arg1=imo-m05.mx.aol.com, arg2=64.12.136.8, relay=imo-m05.mx.aol.com [64.12.136.8], reject=550 5.0.0 Spam.Only valid aol mail servers.$1000 fee applies
Feb 6 12:12:15 jerusalem sendmail[30800]: NOQUEUE: imo-m05.mx.aol.com [64.12.136.8] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA


Is there a way I can fix this?

Looks like two issues. The MAIL/EXPN/VRFY/ETRN is probably a result of my having run Bastille on the system last night. Looks like I should have answered that question differently.

SEP
Steven E. Protter
Exalted Contributor

Re: How do I block aol users from port 25

That was a great joke, Paula.

It was a joke, right?

I would never trust a Windows machine for that job.

SEP
Geoff Wild
Honored Contributor

Re: How do I block aol users from port 25

Okay, what about just blocking all the aol.com except for:

mailin-01.mx.aol.com internet address = 64.12.138.152
mailin-01.mx.aol.com internet address = 205.188.156.185
mailin-01.mx.aol.com internet address = 205.188.158.121
mailin-01.mx.aol.com internet address = 205.188.159.57
mailin-01.mx.aol.com internet address = 205.188.159.249
mailin-01.mx.aol.com internet address = 64.12.137.89
mailin-01.mx.aol.com internet address = 64.12.137.184
mailin-01.mx.aol.com internet address = 64.12.138.57
mailin-02.mx.aol.com internet address = 64.12.137.184
mailin-02.mx.aol.com internet address = 64.12.138.89
mailin-02.mx.aol.com internet address = 64.12.138.120
mailin-02.mx.aol.com internet address = 205.188.156.185
mailin-02.mx.aol.com internet address = 205.188.158.121
mailin-02.mx.aol.com internet address = 205.188.159.57
mailin-02.mx.aol.com internet address = 64.12.137.89

in the /etc/mail/access file...

I think this would work?

aol.com reject
mailin-01.mx.aol.com OK
...etc

Rgds...Geoff


Steven E. Protter
Exalted Contributor

Re: How do I block aol users from port 25

That's what I thought I tried, straight off the sendmail.org site.

http://www.sendmail.org/m4/anti_spam.html

Produces the error messages above.

Perplexing.

I need to back off on the Bastille changes and try this again.

SEP

Geoff Wild
Honored Contributor
Solution

Re: How do I block aol users from port 25

I'm testing the following in my access file:

aol.com ERROR:"550 - we do no accept mail from AOL dial up users directly..."
mailin-01.mx.aol.com OK
mailin-02.mx.aol.com OK
mailin-03.mx.aol.com OK
mailin-04.mx.aol.com OK

I don't know any aol users... so it may be a while before I see a legitimate email from them :)

Rgds...Geoff
Geoff Wild
Honored Contributor

Re: How do I block aol users from port 25

Cool - nabbed the first culprit already!!!

Feb 6 11:51:19 dune sendmail[5563]: ruleset=check_relay, arg1=rly-ip05.mx.aol.com, arg2=64.12.138.9, relay=rly-ip05.mx.aol.com [64.12.138.9], reject=550 5.0.0 - we do no accept mail from AOL dial up users directly...


Rgds...Geoff
Steven E. Protter
Exalted Contributor

Re: How do I block aol users from port 25

I am testing the following:

access file

aol.com 550 Spam. Only valid aol mail servers. $1000 fee applies
imo-d01.mx.aol.com OK
imo-d02.mx.aol.com OK
imo-d03.mx.aol.com OK
imo-d04.mx.aol.com OK
imo-d05.mx.aol.com OK
imo-d06.mx.aol.com OK
imo-d07.mx.aol.com OK
imo-d08.mx.aol.com OK
imo-d09.mx.aol.com OK
imo-d10.mx.aol.com OK
imo-r01.mx.aol.com OK
imo-r02.mx.aol.com OK
imo-r03.mx.aol.com OK
imo-r04.mx.aol.com OK
imo-r05.mx.aol.com OK
imo-r06.mx.aol.com OK
imo-r07.mx.aol.com OK
imo-r08.mx.aol.com OK
imo-r09.mx.aol.com OK
imo-r10.mx.aol.com OK
imo-m01.mx.aol.com OK
imo-m02.mx.aol.com OK
imo-m03.mx.aol.com OK
imo-m04.mx.aol.com OK
imo-m05.mx.aol.com OK
imo-m06.mx.aol.com OK
imo-m07.mx.aol.com OK
imo-m08.mx.aol.com OK
imo-m09.mx.aol.com OK
imo-m10.mx.aol.com OK

snip.

Can someone with an aol account send mail to sprotter@investmenttool.com and see if it gets through?

SEP
Steven E. Protter
Exalted Contributor

Re: How do I block aol users from port 25

SUCCESS!

Bunny time.

Geoff, the mail servers on your list are aol's incoming mail servers. They will never send you mail. Use my list.

I've successfully tested it with one of my private customers' aol accounts.

I'm home now btw.

SEP
Geoff Wild
Honored Contributor

Re: How do I block aol users from port 25

Cool - thanks Steven - yeah - I saw I grabbed the wrong servers.

No points for this post.

Thanks...Geoff
Steven E. Protter
Exalted Contributor

Re: How do I block aol users from port 25

I was wrong, it wasn't fixed. All mail still rejects on Geoff's and my config.

So I set up rejects on all of AOL's dial up IP blocks.

That will cut down the traffic a lot.

All has been quiet on this front for 24 hours.

Still monitoring and testing.

SEP
Steven E. Protter
Exalted Contributor

Re: How do I block aol users from port 25

All quiet on the spam front.

Read this, there is some good info here.
http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=424086

SEP
Geoff Wild
Honored Contributor

Re: How do I block aol users from port 25

Hmnn.... so far, I can't detect anything wrong - for example, why does this work:

To:mydomain.ca ERROR:"553 reject...."
gjwild@mydomain.ca OK
lawild@mydomain.ca OK
webmaster@mydomain.ca OK
info@mydomain.ca OK

and this doesn't:

aol.com ERROR:"550 - we do no accept mail from AOL dial up users directly..."
imo-d01.mx.aol.com OK
imo-d02.mx.aol.com OK
imo-d03.mx.aol.com OK
etc...

Doesn't make sense - both should work....

Unfortunately, (or maybe a blessing) I don't know anybody on AOL...


Rgds...Geoff
Steven E. Protter
Exalted Contributor

Re: How do I block aol users from port 25

They both should, Geoff.

It could be something about how aol does their mail system.

What version of sendmail do you use?

BTW when you post to my threads you get something.

SEP
Geoff Wild
Honored Contributor

Re: How do I block aol users from port 25

I'm using Version 8.12.10

Though I see 8.12.11 was released Jan 18...

I see you are on tonight - same here - currently migrating our SAP Production to a new SAN environment - 2GB pipes all the way through.

Rgds...Geoff
Geoff Wild
Honored Contributor

Re: How do I block aol users from port 25

Just reading:

http://www.sendmail.org/m4/anti_spam.html#access_db

For example:

cyberspammer.com ERROR:"550 We don't accept mail from spammers"
okay.cyberspammer.com OK

would accept mail from okay.cyberspammer.com, but would reject mail from all other hosts at cyberspammer.com with the indicated message.

That tells me that what we are doing should work.

Rgds...Geoff
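
Added example (not part of any post in this thread, and not sendmail's own code): a simplified model of the precedence the quoted documentation describes, where the most specific host or domain key decides, run over the two check_relay reject lines quoted earlier in the thread. The function names, the shortened access-file sample and the lookup order are assumptions of this sketch; tagged entries such as `To:` are not modelled.

```python
import re

# Constructed sample: entries of the kind posted in the thread (host list shortened).
ACCESS_TEXT = '''
aol.com             ERROR:"550 - we do no accept mail from AOL dial up users directly..."
imo-d01.mx.aol.com  OK
imo-m05.mx.aol.com  OK
'''
SAMPLE_LOG = [  # the two reject lines quoted in the thread
    "Feb 6 12:12:15 jerusalem sendmail[30800]: i16ICAj30800: ruleset=check_relay, arg1=imo-m05.mx.aol.com, arg2=64.12.136.8, "
    "relay=imo-m05.mx.aol.com [64.12.136.8], reject=550 5.0.0 Spam.Only valid aol mail servers.$1000 fee applies",
    "Feb 6 11:51:19 dune sendmail[5563]: ruleset=check_relay, arg1=rly-ip05.mx.aol.com, arg2=64.12.138.9, "
    "relay=rly-ip05.mx.aol.com [64.12.138.9], reject=550 5.0.0 - we do no accept mail from AOL dial up users directly...",
]
LOG_RE = re.compile(r"ruleset=check_relay, arg1=(\S+), arg2=(\S+),")

def parse_access(text):
    """Return {key: action} from access-file text, skipping blanks and # comments."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, action = line.split(None, 1)
            table[key.lower()] = action.strip()
    return table

def lookup_relay(table, client_name, client_addr):
    """Assumed order: full host name, parent domains, address, address prefixes."""
    labels = client_name.lower().rstrip(".").split(".")
    keys = [".".join(labels[i:]) for i in range(len(labels))]
    octets = client_addr.split(".")
    keys += [".".join(octets[:n]) for n in range(len(octets), 0, -1)]
    for key in keys:
        if key in table:
            return key, table[key]  # first (most specific) key found decides
    return None, None

def audit(table, log_lines):
    """Per check_relay reject: (host, deciding key, True if the file says OK)."""
    findings = []
    for line in log_lines:
        m = LOG_RE.search(line)
        if m:
            key, action = lookup_relay(table, m.group(1), m.group(2))
            findings.append((m.group(1), key, action == "OK"))
    return findings

for host, key, ok in audit(parse_access(ACCESS_TEXT), SAMPLE_LOG):
    print(host, "-> decided by", key, "-> file says", "OK" if ok else "reject")
```

A reject logged for a host that the model resolves to OK means the log and the access file as written disagree, which is the situation the posters are trying to explain.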
Steven E. Protter
Exalted Contributor

Re: How do I block aol users from port 25

I read that too. That's how I devised my scheme.

I'm going to call the aol postmaster help desk from http://postmaster.aol.com and see what they say. I'm trying to do them a favor, protect their users from spam relay, maybe they will help.

SEP