Hello,
for some time now I have been seeing mass spam runs like these, despite fail2ban rules, which I somehow cannot fend off.
My workaround is to block the entire class C network with iptables whenever I notice it, but that is of course not very efficient.
Aug 5 16:26:58 server14 greylisting[20682]: sender nokitesr@sbirkaprikladu.eu, address 193.179.204.67 seen for the first time: rejected
Aug 5 16:36:46 server14 greylisting[27907]: sender nokitesr@sbirkaprikladu.eu, address 193.179.204.67 passed thru
Aug 5 18:20:31 server14 greylisting[24128]: sender primmat.smtp@client.virtualzone.eu, address 193.179.204.67 seen for the first time: rejected
Aug 5 18:26:46 server14 greylisting[26031]: sender primmat.smtp@client.virtualzone.eu, address 193.179.204.67 passed thru
Aug 5 18:26:53 server14 qmail: 1628180813.372118 delivery 2425: failure: 193.179.204.46_does_not_like_recipient./Remote_host_said:_552_5.2.2_<primmat.smtp@client.virtualzone.eu>:_Recipient_address_rejected:_Mailbox_is_full/Giving_up_on_193.179.204.46./
or:
Aug 5 14:32:31 server14 greylisting[18189]: sender shimanaleonod@quietlivity.com, address 23.88.38.153 seen for the first time: rejected
Aug 5 14:32:32 server14 greylisting[18198]: sender shimanalqenod@quietlivity.com, address 23.88.38.153 seen for the first time: rejected
Aug 5 14:35:42 server14 greylisting[20062]: sender shimeaytiueod@quietlivity.com, address 23.88.38.153 seen for the first time: rejected
Aug 5 14:36:25 server14 greylisting[20196]: sender shimantiueod@quicksignsinc.net, address 23.88.38.153 passed thru
Aug 5 14:36:43 server14 greylisting[20305]: sender shimanftiueod@quietlivity.com, address 23.88.38.153 seen for the first time: rejected
Aug 5 14:39:23 server14 greylisting[21344]: sender shimanttiueod@reliabilityweb.com, address 23.88.38.153 passed thru
Aug 5 14:39:25 server14 greylisting[21406]: sender shimanttiueod@reliabilityweb.com, address 23.88.38.153 passed thru
Aug 5 14:40:12 server14 greylisting[21723]: sender shimanahlenod@quietlivity.com, address 23.88.38.153 passed thru
Aug 5 14:40:16 server14 greylisting[21744]: sender shimantiueuod@quicksignsinc.net, address 23.88.38.153 passed thru
Aug 5 14:43:40 server14 greylisting[23010]: sender shimanaleenod@quietlivity.com, address 23.88.38.153 passed thru
Aug 5 14:44:01 server14 greylisting[23258]: sender shimanaletnod@reliabilityweb.com, address 23.88.38.153 passed thru
Aug 5 14:47:35 server14 greylisting[25503]: sender shimzeytiueod@quicksignsinc.net, address 23.88.38.153 passed thru
Aug 5 14:48:34 server14 greylisting[26741]: sender shimanalegnod@quicksignsinc.net, address 23.88.38.153 passed thru
Aug 5 14:48:40 server14 greylisting[26787]: sender shimanaclenod@quietlivity.com, address 23.88.38.153 trusted host
Aug 5 14:51:24 server14 greylisting[28108]: sender shimanaklenod@quirkytravelguy.com, address 23.88.38.153 trusted host
Aug 5 14:51:55 server14 greylisting[28391]: sender shimanaluenod@reliabilityweb.com, address 23.88.38.153 passed thru
Aug 5 14:54:06 server14 greylisting[29125]: sender shimanalemnod@rittmananalytics.com, address 23.88.38.153 passed thru
Aug 5 14:55:46 server14 greylisting[29644]: sender shimanalehnod@quietlivity.com, address 23.88.38.153 passed thru
Aug 5 14:55:47 server14 greylisting[29687]: sender shimanalepnod@quietlivity.com, address 23.88.38.153 passed thru
Aug 5 15:01:16 server14 greylisting[1652]: sender shimdeytiueod@quirkytravelguy.com, address 23.88.38.153 trusted host
Aug 5 15:02:33 server14 greylisting[2262]: sender shimanalernod@reliabilityweb.com, address 23.88.38.153 trusted host
Aug 5 15:04:01 server14 greylisting[2395]: sender shimanaklenod@quietlivity.com, address 23.88.38.153 trusted host
Aug 5 15:06:32 server14 greylisting[2878]: sender shimanalegnod@quietlivity.com, address 23.88.38.153 trusted host
Do you have a better solution for nipping such deliveries in the bud?
Manfred
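
Added example, not part of Manfred's post: the second excerpt shows one address (23.88.38.153) cycling through many randomized envelope senders until greylisting lets it pass, so a check can key on distinct senders per IP rather than on rejections. The Python sketch below parses the greylisting line format quoted above and reports such IPs; the function names, the threshold of 5 senders, the 30-minute window and the year (syslog omits it) are assumptions, and the sample lines are copied from the post.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Sample input: greylisting lines copied from the log excerpt in the post.
SAMPLE = """
Aug 5 16:26:58 server14 greylisting[20682]: sender nokitesr@sbirkaprikladu.eu, address 193.179.204.67 seen for the first time: rejected
Aug 5 18:20:31 server14 greylisting[24128]: sender primmat.smtp@client.virtualzone.eu, address 193.179.204.67 seen for the first time: rejected
Aug 5 14:32:31 server14 greylisting[18189]: sender shimanaleonod@quietlivity.com, address 23.88.38.153 seen for the first time: rejected
Aug 5 14:32:32 server14 greylisting[18198]: sender shimanalqenod@quietlivity.com, address 23.88.38.153 seen for the first time: rejected
Aug 5 14:35:42 server14 greylisting[20062]: sender shimeaytiueod@quietlivity.com, address 23.88.38.153 seen for the first time: rejected
Aug 5 14:36:25 server14 greylisting[20196]: sender shimantiueod@quicksignsinc.net, address 23.88.38.153 passed thru
Aug 5 14:36:43 server14 greylisting[20305]: sender shimanftiueod@quietlivity.com, address 23.88.38.153 seen for the first time: rejected
Aug 5 14:39:23 server14 greylisting[21344]: sender shimanttiueod@reliabilityweb.com, address 23.88.38.153 passed thru
"""

# Field layout as seen in the post: timestamp, host, greylisting[pid], sender, address, verdict.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+\s+greylisting\[\d+\]:\s+"
    r"sender\s+(?P<sender>\S+),\s+address\s+(?P<ip>\S+)\s+.+$"
)

def parse(lines, year=2021):  # year is an assumption; syslog lines carry none
    """Yield (timestamp, ip, sender) for greylisting lines; skip everything else."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["ip"], m["sender"].lower()

def flag_rotating_senders(lines, max_senders=5, window=timedelta(minutes=30)):
    """Return {ip: peak distinct senders} for IPs above max_senders in any window."""
    events = defaultdict(list)
    for ts, ip, sender in parse(lines):
        events[ip].append((ts, sender))
    flagged = {}
    for ip, evs in events.items():
        evs.sort()
        start = peak = 0
        for end in range(len(evs)):
            # Slide the window start forward until it spans at most `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            peak = max(peak, len({s for _, s in evs[start:end + 1]}))
        if peak > max_senders:
            flagged[ip] = peak
    return flagged

if __name__ == "__main__":
    print(flag_rotating_senders(SAMPLE.splitlines()))
```

The first host in the sample (193.179.204.67) is not reported, since each of its senders simply retried after the greylisting delay; only the host rotating senders exceeds the threshold.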