• smtp question

    From Rixter@VERT/RICKSBBS to all on Wednesday, August 14, 2024 16:39:28
    I have two ip's attempting to use my smtp server every 2 minutes. 80.94.95.209 attempting send mail to guy@synchro.net and 80.94.95.248 attempting to send mail to shop@synchro.net I finally banned their ips in the silent list. Is this a good procedure. It goes on all day and nite unless I do. Does this happen to anyone else? Thank you and have a good day.

    ---
    þ Synchronet þ Ricks BBS - RICKSBBS.SYNCHRO.NET
  • From echicken@VERT/ECBBS to Rixter on Wednesday, August 14, 2024 19:25:28
    Re: smtp question
    By: Rixter to all on Wed Aug 14 2024 16:39:28

    attempting to send mail to shop@synchro.net I finally banned their ips in the silent list. Is this a good procedure. It goes on all day and nite unless I do. Does this happen to anyone else? Thank you and have a good

    I don't know at one point if any they would've been automatically banned, but sure, what you did is fine.

    Are they hammering your mail server enough that other systems can't connect to it? Are they causing heavy CPU load? Are they successfully sending out spam? If not, then you're better off just ignoring them. You'll drive yourself insane staring at your logs worrying and reacting to stuff like this. You've got a server exposed to the internet; it's going to get diddled on all the ports.

    echicken
    electronic chicken bbs - bbs.electronicchicken.com
    ---
    þ Synchronet þ electronic chicken bbs - bbs.electronicchicken.com
  • From Rixter@VERT/RICKSBBS to echicken on Thursday, August 15, 2024 04:29:04
    Re: smtp question
    By: Rixter to all on Wed Aug 14 2024 16:39:28

    I don't know at one point if any they would've been automatically banned, but sure, what you did is fine.

    Are they hammering your mail server enough that other systems can't connect to it? Are they causing heavy CPU load? Are they successfully sending out spam? If not, then you're better off just ignoring them. You'll drive yourself insane staring at your logs worrying and reacting to stuff like this. You've got a server exposed to the internet; it's going to get diddled on all the ports.

    echicken
    electronic chicken bbs - bbs.electronicchicken.com
    ---
    ¨ Synchronet ¨ electronic chicken bbs - bbs.electronicchicken.com


    Thanks for good insight echicken. ¨¨

    ---
    þ Synchronet þ Ricks BBS - RICKSBBS.SYNCHRO.NET
  • From nelgin@VERT/EOTLBBS to All on Thursday, August 15, 2024 14:56:17
    On Thu, 15 Aug 2024 04:29:04 -0400
    "Rixter" (VERT/RICKSBBS) <VERT/RICKSBBS!Rixter@endofthelinebbs.com>
    wrote:
    Re: smtp question
    By: Rixter to all on Wed Aug 14 2024 16:39:28

    I don't know at one point if any they would've been automatically
    banned, but sure, what you did is fine.

    Are they hammering your mail server enough that other systems can't
    connect to it? Are they causing heavy CPU load? Are they
    successfully sending out spam? If not, then you're better off just
    ignoring them. You'll drive yourself insane staring at your logs
    worrying and reacting to stuff like this. You've got a server
    exposed to the internet; it's going to get diddled on all the
    ports.

    echicken
    electronic chicken bbs - bbs.electronicchicken.com
    ---
    ¨ Synchronet ¨ electronic chicken bbs - bbs.electronicchicken.com


    Thanks for good insight echicken. ¨¨

    ---
    þ Synchronet þ Ricks BBS - RICKSBBS.SYNCHRO.NET
    I generally ignore them. It's not hurting much unless I see them
    absolutely hammering the box then I'll block them at the firewall
    (using ipset and iptables on the linux box) rather than have sbbs waste
    cycles on it.
    --
    End Of The Line BBS - Plano, TX
    telnet endofthelinebbs.com 23

    ---
    þ Synchronet þ End Of The Line BBS - endofthelinebbs.com
  • From KnightMare@VERT/TELEGRAP to Rixter on Saturday, August 17, 2024 08:17:56
    Re: smtp question
    By: Rixter to all on Wed Aug 14 2024 04:39 pm

    I have two ip's attempting to use my smtp server every 2 minutes. 80.94.95.209 attempting send mail to guy@synchro.net and 80.94.95.248 attempting to send mail to shop@synchro.net I finally banned their ips in
    [Cut to save space...]

    Could it be your provider just doing a port scan?

    ---
    þ Synchronet þ Telegraph BBS - Fayette Co, OH USA
  • From Rixter@VERT/RICKSBBS to KnightMare on Saturday, August 17, 2024 12:12:32
    Re: smtp question
    By: Rixter to all on Wed Aug 14 2024 04:39 pm

    [Cut to save space...]

    Could it be your provider just doing a port scan?
    I used ip lookup and it was traced back to England. Each time I unblock the ip it starts trying to send mail to my bbs using bad recipients.
    ---
    ¨ Synchronet ¨ Telegraph BBS - Fayette Co, OH USA

    ---
    þ Synchronet þ Ricks BBS - RICKSBBS.SYNCHRO.NET
  • From Rampage@VERT/SESTAR to Rixter on Sunday, August 18, 2024 07:20:37
    Re: smtp question
    By: Rixter to all on Wed Aug 14 2024 16:39:28

    I have two ip's attempting to use my smtp server every 2 minutes. 80.94.95.209 attempting send mail to guy@synchro.net and 80.94.95.248 attempting to send mail to shop@synchro.net I finally banned their
    ips in the silent list. Is this a good procedure. It goes on all day
    and nite unless I do. Does this happen to anyone else? Thank you and
    have a good day.

    block that entire subnet...it is a hosting site and if they have one bad client, they're likely to have others, too...

    80.94.95.0/24

    FWIW: plug those IPs into uncle google and take a look at the results...


    )\/(ark

    ---
    þ Synchronet þ The SouthEast Star Mail HUB - SESTAR
  • From Rampage@VERT/SESTAR to KnightMare on Sunday, August 18, 2024 07:25:21
    Re: smtp question
    By: KnightMare to Rixter on Sat Aug 17 2024 08:17:56

    I have two ip's attempting to use my smtp server every 2
    minutes. 80.94.95.209 attempting send mail to guy@synchro.net
    and 80.94.95.248 attempting to send mail to shop@synchro.net
    I finally banned
    their ips in
    [Cut to save space...]

    Could it be your provider just doing a port scan?

    portscans do not involved trying to send email to @synchro.net
    addresses ;)



    )\/(ark

    ---
    þ Synchronet þ The SouthEast Star Mail HUB - SESTAR
  • From Dumas Walker@VERT/CAPCITY2 to RIXTER on Sunday, August 18, 2024 09:37:00
    I have two ip's attempting to use my smtp server every 2 minutes. 80.94.95.209 attempting send mail to guy@synchro.net and 80.94.95.248 attempting to send mail to shop@synchro.net I finally banned their ips in

    Those IPAs belong to "Unmanaged, LTD," which appears to be linked to Bunea Telecom. If they are giving you grief, I'd see no issue adding them to the ip-silent.can file.


    * SLMR 2.1a * A problem can be found for almost every solution.
    ---
    þ Synchronet þ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP
  • From Rixter@VERT/RICKSBBS to Dumas Walker on Sunday, August 18, 2024 15:10:31
    Those IPAs belong to "Unmanaged, LTD," which appears to be linked to Bunea Telecom. If they are giving you grief, I'd see no issue adding them to the ip-silent.can file.

    * SLMR 2.1a * A problem can be found for almost every solution.
    ---
    ¨ Synchronet ¨ CAPCITY2 * capcity2.synchro.net *
    Telnet/SSH:2022/Rlogin/HTTP


    thanks! I did. thank you all.

    ---
    þ Synchronet þ Ricks BBS - RICKSBBS.SYNCHRO.NET