Re: CRIME Extraneous mail traffic...

From: Seth Arnold (sarnold@private)
Date: Wed Aug 28 2002 - 01:16:07 PDT


    On Tue, Aug 27, 2002 at 04:19:24PM -0700, Brent Irwin wrote:
    > I've had a lot of extraneous traffic sourcing from my mail server to
    > mailer3.hispeedmediaoffers.com. I'm still researching if the culprit
    > is internal, but I was wondering if any of you know of a software
    > package that would, somewhat dynamically enable me to set a filter on
    > incoming/outgoing messages to specified domain names? I could set it
    > at the firewall or the mail server, but this would be a massive manual
    > undertaking that I would love to see dynamic in nature.
    
    Brent, performing this on a per-mailserver basis is certainly possible
    but would require more details. (And no, I no longer know any mail
    server well enough to give the gist of how to do it. :)
    
    If you've got an iptables firewall in place, this script should help:
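    #!/bin/sh
    # /sbin/goaway <address>
    # Deny all TCP packets arriving from the given source address.
    /sbin/ipchains -A input -p tcp -s "$1" -d 0/0 -j DENY
    # Deny TCP connection attempts (-y matches SYN packets) from that address.
    /sbin/ipchains -A input -p tcp -s "$1" -d 0/0 -y -j DENY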
    
    If you've got a pf firewall in place, add some lines such as this to
    your /etc/pf.conf and reload the rules:
    block return-rst in log quick on xl0 proto tcp from 192.168.0.0/16 to any
    
    Of course, this will kill all communication with whoever you tell to
    "goaway" or block their packets, so it should only be used if you really
    don't want the traffic. :)
    
    
    -- 
    http://sardonix.org/
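
Added example, not part of the original message: a list-driven take on the "goaway" idea, so a blocklist file can be edited instead of rules being typed by hand. It uses iptables syntax with DROP, covers both incoming and outgoing TCP, validates each entry, and only prints the rules for review; the function names and the RFC 5737 sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: turn a reviewed address list into iptables block rules.
# Rules are printed, not applied, so the output can be inspected first.

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0-255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|''|.*|*.|*..*) return 1 ;;   # reject anything but digits and dots
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                  # split the address into octets
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# block_rules ADDR...: print an INPUT and an OUTPUT rule per valid address.
# Invalid arguments are reported on stderr and skipped; returns 1 if any were.
block_rules() {
    rc=0
    for addr in "$@"; do
        if is_ipv4 "$addr"; then
            printf 'iptables -A INPUT -p tcp -s %s -j DROP\n' "$addr"
            printf 'iptables -A OUTPUT -p tcp -d %s -j DROP\n' "$addr"
        else
            printf 'skipping invalid address: %s\n' "$addr" >&2
            rc=1
        fi
    done
    return $rc
}

# rules_from_list: read one address per line on stdin; '#' starts a comment.
rules_from_list() {
    status=0
    while read -r entry _rest || [ -n "$entry" ]; do
        entry=${entry%%#*}                     # strip a comment glued to the address
        [ -n "$entry" ] || continue            # blank or comment-only line
        block_rules "$entry" || status=1
    done
    return $status
}

# Constructed sample list (RFC 5737 documentation addresses).
rules_from_list <<'EOF' || echo "some entries were skipped" >&2
192.0.2.25      # destination of the unwanted mail traffic
198.51.100.7
not-an-address
EOF
```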