Hello everyone.
Today at around 12 AM local (10:00 GMT) I started receiving spam from a
particular host. Nothing strange about it, except the fact
that all of the mail is coming to my home mailserver that I got up just
a few days ago, and just for home usage/testing/learning.
And the bugger doesn't seem to give up; in the last four hours I got
around 50 SPAM messages, all the same.
The sender is NAVER-MAILER@xxxxxxxxx and so far I have just taken steps to
block the spam, so the most straightforward thing that came to my mind
was to do a -DROP. The sender used a few different IP addresses, but most
of them I was able to identify in the form of 1.2.3.0/24, so it all came down
to a list of five IPs, and so far I went with a script like this:
BAD_IP_LIST="1.2.3.0/24 4.5.6.0/24 7.8.9.0/24"
# one DROP rule per network; iptables needs -j before the target name
for IP in $BAD_IP_LIST
do
    iptables -A INPUT -s $IP -j DROP
done
My question is: is there a better way to act upon such a case?
Because I'm not convinced that just doing a -DROP like the
above is the best idea.
For instance I may be blocking some other IPs that could be innocent.
Or, not sure about this one though, is it possible I could be just
blocking some spoofed IPs?
With Regards
Łukasz Hejnak
"Greg: It's a little known fact, but e-mail servers were the tenth
plague that God visited upon the Egyptians. All that angel of death and
passover stuff is pure crap."
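One way to approach this, as an added example that is not from the original post: derive the block list from the mail log instead of by hand, drop only networks that cross a connection threshold, keep an allow-list for relays you trust, and scope the rule to tcp/25 so that a shared /24 loses only SMTP access to this box rather than all traffic. The Postfix-style log lines, the threshold of 3 and the allow-list below are constructed for the example.

```shell
#!/bin/sh
# Added example, not code from the original post.
# Derive iptables DROP rules from the mail log: count SMTP connections per /24,
# drop only networks that reach a threshold, skip an allow-list, and limit the
# rule to tcp/25 so other traffic from the same /24 is untouched.
# The log lines are constructed in the Postfix smtpd
# "connect from <host>[<ip>]" style; they are not real data.

SAMPLE_LOG='Jan 01 10:00:01 mx postfix/smtpd[101]: connect from unknown[1.2.3.4]
Jan 01 10:00:09 mx postfix/smtpd[101]: disconnect from unknown[1.2.3.4] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Jan 01 10:01:02 mx postfix/smtpd[102]: connect from unknown[1.2.3.5]
Jan 01 10:02:03 mx postfix/smtpd[103]: connect from unknown[1.2.3.4]
Jan 01 10:03:04 mx postfix/smtpd[104]: connect from unknown[1.2.3.6]
Jan 01 10:04:05 mx postfix/smtpd[105]: connect from mail.example.net[4.5.6.7]
Jan 01 10:05:06 mx postfix/smtpd[106]: connect from unknown[7.8.9.1]
Jan 01 10:06:07 mx postfix/smtpd[107]: connect from unknown[7.8.9.1]
Jan 01 10:07:08 mx postfix/smtpd[108]: connect from unknown[7.8.9.2]
Jan 01 10:08:09 mx postfix/smtpd[109]: connect from relay.example.org[9.9.9.9]
Jan 01 10:09:10 mx postfix/smtpd[110]: connect from relay.example.org[9.9.9.9]
Jan 01 10:10:11 mx postfix/smtpd[111]: connect from relay.example.org[9.9.9.9]'

# Assumed policy values for the demo: a /24 is dropped once it has opened at
# least THRESHOLD connections, unless it is listed in ALLOW (space-separated).
THRESHOLD=3
ALLOW="9.9.9.0/24"

# Print the client IP of every "connect from" line. "disconnect from" lines
# are skipped because the pattern anchors on ": connect from".
extract_ips() {
    printf '%s\n' "$1" | sed -n 's/.*: connect from [^[]*\[\([0-9.]*\)\].*/\1/p'
}

# Print "<count> <a.b.c.0/24>" for each /24 seen, sorted by network.
count_nets() {
    extract_ips "$1" \
        | awk -F. '{ print $1 "." $2 "." $3 ".0/24" }' \
        | sort | uniq -c \
        | awk '{ print $1, $2 }'
}

# Emit one iptables command per /24 that reached the threshold and is not
# allow-listed. Arguments: log text, threshold, allow-list.
# Nothing is applied here; review the output and pipe it to sh to apply it.
gen_rules() {
    count_nets "$1" | while read -r count net; do
        [ "$count" -ge "$2" ] || continue
        case " $3 " in *" $net "*) continue ;; esac
        printf 'iptables -A INPUT -p tcp --dport 25 -s %s -j DROP\n' "$net"
    done
}

# Demo run on the constructed sample: prints rules for 1.2.3.0/24 (4 connects)
# and 7.8.9.0/24 (3 connects); 4.5.6.0/24 is under the threshold and
# 9.9.9.0/24 is allow-listed.
gen_rules "$SAMPLE_LOG" "$THRESHOLD" "$ALLOW"
```

On the spoofing worry: a client has to complete the TCP handshake before it can deliver a message, so the addresses in the smtpd log are the hosts that actually connected (the spammer or a relay in front of it), not forged source addresses. Scoping the rule to `--dport 25` and thresholding per /24 limits the damage if a block is wrong, but a /24 can still contain unrelated hosts, which is why the allow-list and a periodic review of the rule set matter.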