Blocking port 25 scanners
How it's used
This script is run in one of two ways:
1. Under tcpserver as a supervised daemon, listening on port 25 of IPs that don't have MX records. That way it catches nasties that scan IP space for mail servers before they ever hit my real mail server. Go ahead and telnet to port 25 of 72.29.111.130 and see what happens (but do NOT do it from your mail server, or you won't be able to email me for a few days).
2. By other scripts, which pass in an IP as the first argument.
Script
#!/bin/sh
# by matt@tnpi.net - 02/27/2007

PFCTL="/sbin/pfctl"
BAD_IP=$1
MESSAGE="Added $BAD_IP to the spamd table."

# no argument given: we are running under tcpserver, which sets TCPREMOTEIP
if [ -z "$BAD_IP" ]; then
    BAD_IP=$TCPREMOTEIP
    MESSAGE="Hi $BAD_IP. You came, you probed, and now you are blacklisted."
fi

if [ -z "$BAD_IP" ]; then
    echo "usage: $0 ip.ad.dr.ess"
    exit 1
fi

# add them to the PF spamd table
$PFCTL -q -t spamd -Tadd "$BAD_IP"
echo "$MESSAGE"

# kill all state entries for the blocked host
$PFCTL -q -k "$BAD_IP"

exit 1
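The script hands its argument straight to pfctl, and the warning about your own mail server shows how easy it is to blacklist a host you still need. The following is an added example, not part of the original script: it checks that the address is well-formed IPv4 and not on an allowlist before touching the spamd table. `ALLOWLIST`, `is_ipv4`, `is_allowlisted` and `block_ip` are hypothetical names, the allowlisted addresses are constructed samples, and IPv6 is assumed out of scope.

```sh
#!/bin/sh
# Added example: guard the pfctl calls with input validation and an allowlist.
# ALLOWLIST is hypothetical; the defaults are constructed sample addresses.
ALLOWLIST="${ALLOWLIST:-192.0.2.10 192.0.2.11}"
PFCTL="${PFCTL:-/sbin/pfctl}"

# Return 0 only for a dotted quad with four octets in 0-255, no leading zeros.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, stray chars, bad dots
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                  # split on dots (digits only, no globbing)
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*) return 1 ;; esac # reject ambiguous leading zeros
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Return 0 if the address must never be blocked.
is_allowlisted() {
    for good in $ALLOWLIST; do
        [ "$good" = "$1" ] && return 0
    done
    return 1
}

# Block one address with the same pfctl calls the script uses.
# Returns 0 when blocked, 2 when the address is refused.
block_ip() {
    if ! is_ipv4 "$1"; then
        echo "refused: '$1' is not an IPv4 address" >&2; return 2
    fi
    if is_allowlisted "$1"; then
        echo "refused: $1 is allowlisted" >&2; return 2
    fi
    "$PFCTL" -q -t spamd -Tadd "$1" && "$PFCTL" -q -k "$1"
}

# Usage inside the script: block_ip "${1:-$TCPREMOTEIP}" || exit 1
```

The option-like and multi-token inputs matter most when other scripts supply the argument, since those values may come from parsed log lines.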