• smtp question

    From Rixter@1:103/705 to all on Wed Aug 14 16:39:28 2024
    I have two ip's attempting to use my smtp server every 2 minutes. 80.94.95.209 attempting send mail to guy@synchro.net and 80.94.95.248 attempting to send mail to shop@synchro.net I finally banned their ips in the silent list. Is this a good procedure. It goes on all day and nite unless I do. Does this happen to anyone else? Thank you and have a good day.

    ---
    ■ Synchronet ■ Ricks BBS - RICKSBBS.SYNCHRO.NET
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From echicken@1:103/705 to Rixter on Wed Aug 14 19:25:28 2024
    Re: smtp question
    By: Rixter to all on Wed Aug 14 2024 16:39:28

    attempting to send mail to shop@synchro.net I finally banned their ips in the silent list. Is this a good procedure. It goes on all day and nite unless I do. Does this happen to anyone else? Thank you and have a good

    I don't know at one point if any they would've been automatically banned, but sure, what you did is fine.

    Are they hammering your mail server enough that other systems can't connect to it? Are they causing heavy CPU load? Are they successfully sending out spam? If not, then you're better off just ignoring them. You'll drive yourself insane staring at your logs worrying and reacting to stuff like this. You've got a server exposed to the internet; it's going to get diddled on all the ports.

    echicken
    electronic chicken bbs - bbs.electronicchicken.com
    ---
    Synchronet electronic chicken bbs - bbs.electronicchicken.com
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Rixter@1:103/705 to echicken on Thu Aug 15 04:29:04 2024
    Re: smtp question
    By: Rixter to all on Wed Aug 14 2024 16:39:28

    I don't know at one point if any they would've been automatically banned, but sure, what you did is fine.

    Are they hammering your mail server enough that other systems can't connect to it? Are they causing heavy CPU load? Are they successfully sending out spam? If not, then you're better off just ignoring them. You'll drive yourself insane staring at your logs worrying and reacting to stuff like this. You've got a server exposed to the internet; it's going to get diddled on all the ports.

    echicken
    electronic chicken bbs - bbs.electronicchicken.com
    ---
    � Synchronet � electronic chicken bbs - bbs.electronicchicken.com


    Thanks for good insight echicken. 🤓🐔

    ---
    ■ Synchronet ■ Ricks BBS - RICKSBBS.SYNCHRO.NET
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From nelgin@1:103/705 to All on Thu Aug 15 14:56:17 2024
    On Thu, 15 Aug 2024 04:29:04 -0400
    "Rixter" (VERT/RICKSBBS) <VERT/RICKSBBS!Rixter@endofthelinebbs.com>
    wrote:
    Re: smtp question
    By: Rixter to all on Wed Aug 14 2024 16:39:28

    I don't know at one point if any they would've been automatically
    banned, but sure, what you did is fine.

    Are they hammering your mail server enough that other systems can't
    connect to it? Are they causing heavy CPU load? Are they
    successfully sending out spam? If not, then you're better off just
    ignoring them. You'll drive yourself insane staring at your logs
    worrying and reacting to stuff like this. You've got a server
    exposed to the internet; it's going to get diddled on all the
    ports.

    echicken
    electronic chicken bbs - bbs.electronicchicken.com
    ---
    � Synchronet � electronic chicken bbs - bbs.electronicchicken.com


    Thanks for good insight echicken. 🤓🐔

    ---
    ■ Synchronet ■ Ricks BBS - RICKSBBS.SYNCHRO.NET
    I generally ignore them. It's not hurting much unless I see them
    absolutely hammering the box then I'll block them at the firewall
    (using ipset and iptables on the linux box) rather than have sbbs waste
    cycles on it.
    --
    End Of The Line BBS - Plano, TX
    telnet endofthelinebbs.com 23
    ---
    ■ Synchronet ■ End Of The Line BBS - endofthelinebbs.com
    --- SBBSecho 3.20-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From KnightMare@1:103/705 to Rixter on Sat Aug 17 08:17:56 2024
    Re: smtp question
    By: Rixter to all on Wed Aug 14 2024 04:39 pm

    I have two ip's attempting to use my smtp server every 2 minutes. 80.94.95.209 attempting send mail to guy@synchro.net and 80.94.95.248 attempting to send mail to shop@synchro.net I finally banned their ips in
    [Cut to save space...]

    Could it be your provider just doing a port scan?

    ---
    Synchronet Telegraph BBS - Fayette Co, OH USA
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Rixter@1:103/705 to KnightMare on Sat Aug 17 12:12:32 2024
    Re: smtp question
    By: Rixter to all on Wed Aug 14 2024 04:39 pm

    [Cut to save space...]

    Could it be your provider just doing a port scan?
    I used ip lookup and it was traced back to England. Each time I unblock the ip it starts trying to send mail to my bbs using bad recipients.
    ---
    � Synchronet � Telegraph BBS - Fayette Co, OH USA

    ---
    ■ Synchronet ■ Ricks BBS - RICKSBBS.SYNCHRO.NET
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Rampage@1:103/705 to Rixter on Sun Aug 18 07:20:37 2024
    Re: smtp question
    By: Rixter to all on Wed Aug 14 2024 16:39:28

    I have two ip's attempting to use my smtp server every 2 minutes. 80.94.95.209 attempting send mail to guy@synchro.net and 80.94.95.248 attempting to send mail to shop@synchro.net I finally banned their
    ips in the silent list. Is this a good procedure. It goes on all day
    and nite unless I do. Does this happen to anyone else? Thank you and
    have a good day.

    block that entire subnet...it is a hosting site and if they have one bad client, they're likely to have others, too...

    80.94.95.0/24

    FWIW: plug those IPs into uncle google and take a look at the results...


    )\/(ark

    ---
    Synchronet The SouthEast Star Mail HUB - SESTAR
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Rampage@1:103/705 to KnightMare on Sun Aug 18 07:25:21 2024
    Re: smtp question
    By: KnightMare to Rixter on Sat Aug 17 2024 08:17:56

    I have two ip's attempting to use my smtp server every 2
    minutes. 80.94.95.209 attempting send mail to guy@synchro.net
    and 80.94.95.248 attempting to send mail to shop@synchro.net
    I finally banned
    their ips in
    [Cut to save space...]

    Could it be your provider just doing a port scan?

    portscans do not involved trying to send email to @synchro.net
    addresses ;)



    )\/(ark

    ---
    Synchronet The SouthEast Star Mail HUB - SESTAR
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Dumas Walker@1:103/705 to RIXTER on Sun Aug 18 09:37:00 2024
    I have two ip's attempting to use my smtp server every 2 minutes. 80.94.95.209 attempting send mail to guy@synchro.net and 80.94.95.248 attempting to send mail to shop@synchro.net I finally banned their ips in

    Those IPAs belong to "Unmanaged, LTD," which appears to be linked to Bunea Telecom. If they are giving you grief, I'd see no issue adding them to the ip-silent.can file.


    * SLMR 2.1a * A problem can be found for almost every solution.
    ---
    Synchronet CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Rixter@1:103/705 to Dumas Walker on Sun Aug 18 15:10:31 2024
    Those IPAs belong to "Unmanaged, LTD," which appears to be linked to Bunea Telecom. If they are giving you grief, I'd see no issue adding them to the ip-silent.can file.

    * SLMR 2.1a * A problem can be found for almost every solution.
    ---
    � Synchronet � CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP


    thanks! I did. thank you all.

    ---
    ■ Synchronet ■ Ricks BBS - RICKSBBS.SYNCHRO.NET
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)