PHWinfo - Afficher un message

29/03/2006, 20h12

I looked through the FAQ and googled, so if I'm missing the
documentation on how to do this, please let me know..

I'd like to implement either tarpitting or some method of blocking
spammers attempting dictionary attempts.

For example, just now:

Mar 29 12:05:37 www postfix/smtpd[19005]: NOQUEUE: reject: RCPT from
85-250-215-18.bb.netvision.net.il[85.250.215.18]: 550
<100proofnews@espphotography.com>: Recipient address rejected: User
unknown in local recipient table; from=<iusxuljh@hotmail.com>
to=<100proofnews@espphotography.com> proto=SMTP
helo=<85-250-215-18.bb.netvision.net.il>
Mar 29 12:05:41 www postfix/smtpd[19005]: NOQUEUE: reject: RCPT from
85-250-215-18.bb.netvision.net.il[85.250.215.18]: 550
<drhrxc@espphotography.com>: Recipient address rejected: User unknown
in local recipient table; from=<iusxuljh@hotmail.com>
to=<drhrxc@espphotography.com> proto=SMTP
helo=<85-250-215-18.bb.netvision.net.il>
Mar 29 12:05:44 www postfix/smtpd[19005]: NOQUEUE: reject: RCPT from
85-250-215-18.bb.netvision.net.il[85.250.215.18]: 550
<espnic@espphotography.com>: Recipient address rejected: User unknown
in local recipient table; from=<iusxuljh@hotmail.com>
to=<espnic@espphotography.com> proto=SMTP
helo=<85-250-215-18.bb.netvision.net.il>
Mar 29 12:05:53 www postfix/smtpd[19005]: NOQUEUE: reject: RCPT from
85-250-215-18.bb.netvision.net.il[85.250.215.18]: 550
<espphotography@espphotography.com>: Recipient address rejected: User
unknown in local recipient table; from=<iusxuljh@hotmail.com>
to=<espphotography@espphotography.com> proto=SMTP
helo=<85-250-215-18.bb.netvision.net.il>
Mar 29 12:05:56 www postfix/smtpd[19005]: NOQUEUE: reject: RCPT from
85-250-215-18.bb.netvision.net.il[85.250.215.18]: 550
<tory@espphotography.com>: Recipient address rejected: User unknown in
local recipient table; from=<iusxuljh@hotmail.com>
to=<tory@espphotography.com> proto=SMTP
helo=<85-250-215-18.bb.netvision.net.il>

I would have liked to block this guy at the second or maybe even third
attempt. Or perhaps just /dev/null all his traffic. Can postfix
automatically do something when this occurs?

Thanks.

Evan

29/03/2006, 20h12	#1
Evan Platt Messages: n/a Hébergeur:	Can postfix tarpit? I looked through the FAQ and googled, so if I'm missing the documentation on how to do this, please let me know.. I'd like to implement either tarpitting or some method of blocking spammers attempting dictionary attempts. For example, just now: Mar 29 12:05:37 www postfix/smtpd[19005]: NOQUEUE: reject: RCPT from 85-250-215-18.bb.netvision.net.il[85.250.215.18]: 550 <100proofnews@espphotography.com>: Recipient address rejected: User unknown in local recipient table; from=<iusxuljh@hotmail.com> to=<100proofnews@espphotography.com> proto=SMTP helo=<85-250-215-18.bb.netvision.net.il> Mar 29 12:05:41 www postfix/smtpd[19005]: NOQUEUE: reject: RCPT from 85-250-215-18.bb.netvision.net.il[85.250.215.18]: 550 <drhrxc@espphotography.com>: Recipient address rejected: User unknown in local recipient table; from=<iusxuljh@hotmail.com> to=<drhrxc@espphotography.com> proto=SMTP helo=<85-250-215-18.bb.netvision.net.il> Mar 29 12:05:44 www postfix/smtpd[19005]: NOQUEUE: reject: RCPT from 85-250-215-18.bb.netvision.net.il[85.250.215.18]: 550 <espnic@espphotography.com>: Recipient address rejected: User unknown in local recipient table; from=<iusxuljh@hotmail.com> to=<espnic@espphotography.com> proto=SMTP helo=<85-250-215-18.bb.netvision.net.il> Mar 29 12:05:53 www postfix/smtpd[19005]: NOQUEUE: reject: RCPT from 85-250-215-18.bb.netvision.net.il[85.250.215.18]: 550 <espphotography@espphotography.com>: Recipient address rejected: User unknown in local recipient table; from=<iusxuljh@hotmail.com> to=<espphotography@espphotography.com> proto=SMTP helo=<85-250-215-18.bb.netvision.net.il> Mar 29 12:05:56 www postfix/smtpd[19005]: NOQUEUE: reject: RCPT from 85-250-215-18.bb.netvision.net.il[85.250.215.18]: 550 <tory@espphotography.com>: Recipient address rejected: User unknown in local recipient table; from=<iusxuljh@hotmail.com> to=<tory@espphotography.com> proto=SMTP helo=<85-250-215-18.bb.netvision.net.il> I would have liked to block this guy at the second or maybe even third attempt. Or perhaps just /dev/null all his traffic. Can postfix automatically do something when this occurs? Thanks. Evan