Date: Tue, 19 Nov 2002 10:57:08 -0400   
   From: DAVE GOURD   
   To: HECTOR SANTOS   
   Subject: cheap and easy firewall    
   Newsgroups: win.server.wish.list   
   Message-ID: <1037721428.33.0@winserver.com>   
   X-WcMsg-Attr: Rcvd   
   X-Mailer: Wildcat! Interactive Net Server v7.0.454.5   
   Lines: 49   
      
   Is there any that a very simple "firewall" or local blocking list   
   could be added to protect from smtp probes?       
      
   For example, if a lot of probing comes from a certain IP, a sysop could   
   manually add it to a 'deny' list which would not allow delivery of    
   mail or attempts to deliver mail trying to verify valid email   
   accounts which are later found on the newest "29 million e-marketing    
   addresses for $149.99" CD's. (they don't pay me for letting them steal   
   the addresses)   
      
   The list could updated at the admins discretion if the issues are   
   resolved.   
      
   I know there are firewalls and routers to do this, but something simple   
   to stop or at least slow down this activity from known abusers via a   
   local list could be MOST helpful.    
      
   The rbl built-in capabilites work great, but as many of us know these   
   lists are not perfect and often either overkill or very short of hitting   
   the target.    
      
   This would help stop the harvesting of email addresses via wcsmtp.   
      
      
   Right now I could use something like this, have been getting killed with   
   24/7 dictionary probes. I don't mind the oversized log files as much as   
   the fact that since 11/01/2002, 6 of our accounts were verified this   
   way and 2 of those started getting spam yesterday.   
      
   Reporting the network abuse to ISP's is both labor intense and many   
   times as effective as pounding sand up one's butt.    
      
   The spamrbl works great IF the ip's are listed, and getting them listed   
   seems to be a lot like hunting for bigfoot or the loc ness monster, and   
   as sometimes known good ip's are listed and blocked ONLY because the are   
   part of a netblock/dialup pool and not as a separate IP.   
      
      
   I don't really want to go through the hassle of learning firewalls right   
   now and the machine resources overhead, and can't justify the expense of   
   good hardware.    
      
      
   Thoughts or ideas?   
      
   --   
   Dave   
      
   --- Platinum Xpress/Win/WINServer v3.1   
    * Origin: Prison Board BBS Mesquite Tx  //telnet.RDFIG.NET www. (1:124/5013)