-
smtp question
From
Rixter@VERT/RICKSBBS to
all on Wednesday, August 14, 2024 16:39:28
I have two ip's attempting to use my smtp server every 2 minutes. 80.94.95.209
attempting send mail to guy@synchro.net and 80.94.95.248 attempting to send
mail to shop@synchro.net I finally banned their ips in the silent list. Is this
a good procedure. It goes on all day and nite unless I do. Does this happen to
anyone else? Thank you and have a good day.
---
þ Synchronet þ Ricks BBS - RICKSBBS.SYNCHRO.NET
-
From
echicken@VERT/ECBBS to
Rixter on Wednesday, August 14, 2024 19:25:28
Re: smtp question
By: Rixter to all on Wed Aug 14 2024 16:39:28
Ri> attempting to send mail to shop@synchro.net I finally banned their ips in
Ri> the silent list. Is this a good procedure. It goes on all day and nite
Ri> unless I do. Does this happen to anyone else? Thank you and have a good
I don't know at one point if any they would've been automatically banned, but sure, what you did is fine.
Are they hammering your mail server enough that other systems can't connect to it? Are they causing heavy CPU load? Are they successfully sending out spam? If not, then you're better off just ignoring them. You'll drive yourself insane staring at your logs worrying and reacting to stuff like this. You've got a server exposed to the internet; it's going to get diddled on all the ports.
echicken
electronic chicken bbs - bbs.electronicchicken.com
---
þ Synchronet þ electronic chicken bbs - bbs.electronicchicken.com
-
From
Rixter@VERT/RICKSBBS to
echicken on Thursday, August 15, 2024 04:29:04
> Re: smtp question
> By: Rixter to all on Wed Aug 14 2024 16:39:28
> I don't know at one point if any they would've been automatically banned, but
> sure, what you did is fine.
> Are they hammering your mail server enough that other systems can't connect
> to it? Are they causing heavy CPU load? Are they successfully sending out
> spam? If not, then you're better off just ignoring them. You'll drive
> yourself insane staring at your logs worrying and reacting to stuff like
> this. You've got a server exposed to the internet; it's going to get diddled
> on all the ports.
> echicken
> electronic chicken bbs - bbs.electronicchicken.com
> ---
> ¨ Synchronet ¨ electronic chicken bbs - bbs.electronicchicken.com
Thanks for good insight echicken. ¨¨
---
þ Synchronet þ Ricks BBS - RICKSBBS.SYNCHRO.NET
-
From
nelgin@VERT/EOTLBBS to
All on Thursday, August 15, 2024 14:56:17
On Thu, 15 Aug 2024 04:29:04 -0400
"Rixter" (VERT/RICKSBBS) <VERT/RICKSBBS!Rixter@endofthelinebbs.com>
wrote:
> > Re: smtp question
> > By: Rixter to all on Wed Aug 14 2024 16:39:28
>
> > I don't know at one point if any they would've been automatically
> > banned, but sure, what you did is fine.
>
> > Are they hammering your mail server enough that other systems can't
> > connect to it? Are they causing heavy CPU load? Are they
> > successfully sending out spam? If not, then you're better off just
> > ignoring them. You'll drive yourself insane staring at your logs
> > worrying and reacting to stuff like this. You've got a server
> > exposed to the internet; it's going to get diddled on all the
> > ports.
>
> > echicken
> > electronic chicken bbs - bbs.electronicchicken.com
> > ---
> > ¨ Synchronet ¨ electronic chicken bbs - bbs.electronicchicken.com
>
>
> Thanks for good insight echicken. ¨¨
>
> ---
> þ Synchronet þ Ricks BBS - RICKSBBS.SYNCHRO.NET
I generally ignore them. It's not hurting much unless I see them
absolutely hammering the box then I'll block them at the firewall
(using ipset and iptables on the linux box) rather than have sbbs waste
cycles on it.
--
End Of The Line BBS - Plano, TX
telnet endofthelinebbs.com 23
---
þ Synchronet þ End Of The Line BBS - endofthelinebbs.com
-
From
KnightMare@VERT/TELEGRAP to
Rixter on Saturday, August 17, 2024 08:17:56
Re: smtp question
By: Rixter to all on Wed Aug 14 2024 04:39 pm
Ri> I have two ip's attempting to use my smtp server every 2 minutes.
Ri> 80.94.95.209 attempting send mail to guy@synchro.net and 80.94.95.248
Ri> attempting to send mail to shop@synchro.net I finally banned their ips in
[Cut to save space...]
Could it be your provider just doing a port scan?
---
þ Synchronet þ Telegraph BBS - Fayette Co, OH USA
-
From
Rixter@VERT/RICKSBBS to
KnightMare on Saturday, August 17, 2024 12:12:32
> Re: smtp question
> By: Rixter to all on Wed Aug 14 2024 04:39 pm
> [Cut to save space...]
> Could it be your provider just doing a port scan?
> I used ip lookup and it was traced back to England. Each time I unblock the
> ip it starts trying to send mail to my bbs using bad recipients.
> ---
> ¨ Synchronet ¨ Telegraph BBS - Fayette Co, OH USA
---
þ Synchronet þ Ricks BBS - RICKSBBS.SYNCHRO.NET
-
From
Rampage@VERT/SESTAR to
Rixter on Sunday, August 18, 2024 07:20:37
Re: smtp question
By: Rixter to all on Wed Aug 14 2024 16:39:28
> I have two ip's attempting to use my smtp server every 2 minutes.
> 80.94.95.209 attempting send mail to guy@synchro.net and 80.94.95.248
> attempting to send mail to shop@synchro.net I finally banned their
> ips in the silent list. Is this a good procedure. It goes on all day
> and nite unless I do. Does this happen to anyone else? Thank you and
> have a good day.
block that entire subnet...it is a hosting site and if they have one bad
client, they're likely to have others, too...
80.94.95.0/24
FWIW: plug those IPs into uncle google and take a look at the results...
)\/(ark
---
þ Synchronet þ The SouthEast Star Mail HUB - SESTAR
-
From
Rampage@VERT/SESTAR to
KnightMare on Sunday, August 18, 2024 07:25:21
Re: smtp question
By: KnightMare to Rixter on Sat Aug 17 2024 08:17:56
> Ri> I have two ip's attempting to use my smtp server every 2
> minutes. 80.94.95.209 attempting send mail to guy@synchro.net
> and 80.94.95.248 attempting to send mail to shop@synchro.net
> I finally banned
> Ri> their ips in
> [Cut to save space...]
>
> Could it be your provider just doing a port scan?
portscans do not involved trying to send email to @synchro.net
addresses ;)
)\/(ark
---
þ Synchronet þ The SouthEast Star Mail HUB - SESTAR
-
From
Dumas Walker@VERT/CAPCITY2 to
RIXTER on Sunday, August 18, 2024 09:37:00
Ri> I have two ip's attempting to use my smtp server every 2 minutes.
Ri> 80.94.95.209 attempting send mail to guy@synchro.net and 80.94.95.248
Ri> attempting to send mail to shop@synchro.net I finally banned their ips in
Those IPAs belong to "Unmanaged, LTD," which appears to be linked to Bunea
Telecom. If they are giving you grief, I'd see no issue adding them to the
ip-silent.can file.
* SLMR 2.1a * A problem can be found for almost every solution.
---
þ Synchronet þ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP
-
From
Rixter@VERT/RICKSBBS to
Dumas Walker on Sunday, August 18, 2024 15:10:31
> Those IPAs belong to "Unmanaged, LTD," which appears to be linked to Bunea
> Telecom. If they are giving you grief, I'd see no issue adding them to the
> ip-silent.can file.
> * SLMR 2.1a * A problem can be found for almost every solution.
> ---
> ¨ Synchronet ¨ CAPCITY2 * capcity2.synchro.net *
> Telnet/SSH:2022/Rlogin/HTTP
thanks! I did. thank you all.
---
þ Synchronet þ Ricks BBS - RICKSBBS.SYNCHRO.NET