Hi,

I have been watching our system and/or firewall logs for a long time. The
SMTP port 25 is open here only for local mail services and has been
blocked for the public in general. But why the hell do so many of the spam
pushers try to invade our machines, particularly the one which is acting
as gateway and firewall? Here follows a part of a daily log report for
yesterday for your kind reference:

--------------------- iptables firewall Begin ------------------------


Listed by source hosts:
Logged 751 packets on interface eth0
From 66.7.205.67 - 11 packets to tcp(25)
From 66.7.210.196 - 12 packets to tcp(25)
From 72.14.204.237 - 5 packets to tcp(25)
From 72.29.69.195 - 12 packets to tcp(25)
From 72.29.72.47 - 4 packets to tcp(25)
From 74.55.201.34 - 4 packets to tcp(25)
From 76.13.13.68 - 9 packets to tcp(25)
From 76.13.13.73 - 9 packets to tcp(25)
From 76.13.13.86 - 198 packets to tcp(25)
From 89.163.148.127 - 24 packets to tcp(25)
From 118.161.50.225 - 3 packets to tcp(25)
From 146.83.129.6 - 51 packets to tcp(25)
From 195.149.90.4 - 18 packets to tcp(25)
From 206.47.199.164 - 5 packets to tcp(25)
From 207.102.49.249 - 4 packets to tcp(25)
From 209.85.217.26 - 5 packets to tcp(25)
From 209.191.84.166 - 89 packets to tcp(25)
From 216.165.179.135 - 285 packets to tcp(0,25)

---------------------- iptables firewall End -------------------------


I can/shall list all the above said IPs by hostnames also, if needed.

Do I need to report these kinds of invaders? If yes, to whom do I report
these?

How do I limit access to this SMTP port 25 so that the invader is
blocked after more than 3 attempts?

Thanks,
Regards,

--
Dr Balwinder S "bsd" Dheeman Registered Linux User: #229709
Anu'z Linux@HOME (Unix Shoppe) Machines: #168573, 170593, 259192
Chandigarh, UT, 160062, India Gentoo, Fedora, Debian/FreeBSD/XP
Home: http://cto.homelinux.net/~bsd/ Visit: http://counter.li.org/
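
An added example, not part of the original post: a small parser for the "Listed by source hosts" section of a report in the layout quoted above, which picks out the sources that exceeded a threshold of 3 on tcp/25 so they can be reviewed or reported. It assumes the logged packet count stands in for "attempts"; the sample report and its addresses (RFC 5737 documentation ranges) are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample in the same layout as the report quoted in the post.
# Addresses are RFC 5737 documentation ranges, not values from the post.
SAMPLE_REPORT = """\
Listed by source hosts:
Logged 312 packets on interface eth0
From 192.0.2.10 - 3 packets to tcp(25)
From 192.0.2.77 - 12 packets to tcp(25)
From 198.51.100.4 - 285 packets to tcp(0,25)
From 203.0.113.9 - 7 packets to tcp(22)
From 203.0.113.50 - 5 packets to udp(25)
"""

# One "From <ip> - <n> packets to <proto>(<port>[,<port>...])" line.
LINE_RE = re.compile(
    r"^\s*From (?P<src>\d{1,3}(?:\.\d{1,3}){3}) - (?P<count>\d+) packets? to "
    r"(?P<proto>\w+)\((?P<ports>[\d,]+)\)\s*$"
)


def parse_report(text):
    """Yield (source_ip, packet_count, protocol, set_of_ports) per 'From' line."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ports = {int(p) for p in m["ports"].split(",")}
            yield m["src"], int(m["count"]), m["proto"], ports


def smtp_offenders(text, threshold=3, port=25):
    """Sources with more than `threshold` logged TCP packets to `port`,
    highest count first. Multi-port entries such as tcp(0,25) are included."""
    totals = {}
    for src, count, proto, ports in parse_report(text):
        if proto == "tcp" and port in ports:
            totals[src] = totals.get(src, 0) + count
    hits = [(s, c) for s, c in totals.items() if c > threshold]
    return sorted(hits, key=lambda item: (-item[1], item[0]))


if __name__ == "__main__":
    for src, count in smtp_offenders(SAMPLE_REPORT):
        print(f"{src}\t{count} packets to tcp/25")
```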