Mailing List CGatePro@mail.stalker.com Message #94584
From: Jeff Wark <jwark@tbaytel.net>
Subject: Re: Using blacklists on something other than SMTP
Date: Thu, 03 Apr 2008 09:17:14 -0400
To: CommuniGate Pro Discussions <CGatePro@mail.stalker.com>
X-Mailer: CommuniGate Pro WebUser v5.0.13
Actually, I blocked them on the HTTPU listener right away and I removed the 'Mobile' service from their account.  The mobile service allows them to login/authenticate from a non-client IP.

I guess it doesn't really make sense to blacklist the HTTPU service since then a DNS lookup would be required for every connection.  Even though we do have a local copy of the spamhaus blacklists, it would slow things down terribly.

On Wed,  2 Apr 2008 11:13:01 -0700
 Christopher Bort <cbort@homesmagazine.com> wrote:
On 04/01/08 17:06, jwark@tbaytel.net (Jeff Wark) wrote:

Is there any way to deny logins based on a blacklist?

We currently have a spammer from the following block:
80.255.59.240 - 80.255.59.247
that is sending spam through the webmail using compromised accounts. He has done his due diligence and acquired several accounts with
[very] weak passwords and is using them through webmail, maybe with a
script.

So, he is also listed in zen.spamhaus.org under sbl and pbl:

$ is_bl.pl 80.255.59.243
host 243.59.255.80.zen.spamhaus.org
243.59.255.80.zen.spamhaus.org  A       127.0.0.2
243.59.255.80.zen.spamhaus.org  A       127.0.0.11


which led me to the question regarding the blacklists.

Any ideas?  He seems to be the only problem, but I'm sure more will
follow.

Set 'Remote Address Restrictions' in the HTTPU listener to deny the address range. If the scum is using compromised accounts, you'll probably want to deny him on other listeners as well; SMTP, at least, so that he can't authenticate and relay messages that way. The first thing to do though, really, is to change the passwords on the compromised accounts. If that inconveniences the users who belong to the accounts, well it's a good practical lesson for them, no?  8^)

-- Christopher Bort
Homes Magazine
email: <cbort@homesmagazine.com>
website: <http://www.homesmagazine.com/>
FAX: 775-284-1298
Phone: 775-284-1294x18

Real Estate Advertising/ Web Products/ Digital Printing Services

Serving: Wine Country Napa & Sonoma County, Marin County, San Francisco Bay
Area, Santa Cruz County, Monterey County , San Luis Obispo County & Santa
Barbara County, North Lake Tahoe & Truckee & South Lake Tahoe


#############################################################
This message is sent to you because you are subscribed to
 the mailing list <CGatePro@mail.stalker.com>.
To unsubscribe, E-mail to: <CGatePro-off@mail.stalker.com>
To switch to the DIGEST mode, E-mail to <CGatePro-digest@mail.stalker.com>
To switch to the INDEX mode, E-mail to <CGatePro-index@mail.stalker.com>
Send administrative queries to  <CGatePro-request@mail.stalker.com>

Jeff Wark
TBayTel Internet
Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster