2

I've got what appears to be a malicious/spam host that is overloading my Sendmail server causing it to refuse connections to other hosts. I'm overloaded by connections from one particular IP address. This IP is blocked in /etc/access from us accepting mail but it's causing a DOS via the mail server which is limiting the number of simultaneous connections.

How can I block a particular IP address so it doesn't even get to sendmail? I can't use inetd because sendmail is operating as a daemon. Can I use something like ipfw? I've never used it before. This is FreeBSD 7.0.

Any help would be greatly appreciated!

S.ov

2 Answers

2

Since you don't appear to have firewall capabilities, you could try using tcpwrappers to block the offending IP address. Under FreeBSD, tcpwrappers is configured in the file /etc/hosts.allow. Near the top of that file, add a line like this:

```
sendmail : ip.add.re.ss : deny
```

Even though, as you state, sendmail is not started by inetd, this will work, provided you are using a default build of sendmail - under FreeBSD, it is linked against libwrap, which provides this functionality. (If the output of `ldd /usr/libexec/sendmail/sendmail` doesn't include a reference to `libwrap`, then all bets are off, I'm afraid...)

Note that this is not a substitute for a real firewall - but in this case, it might just save you until this idiot moves on to his next victim. You should consider upgrading to a more recent release of FreeBSD, and take the opportunity to configure a firewall at the same time.

D_Bye
  • I don't think my sendmail build is default - I may have compiled it myself. Is there a way to test this? I've never been able to block mail before in `/etc/hosts.allow`, though I never tried. – S.ov Jun 27 '13 at 05:46
  • Run `ldd /usr/libexec/sendmail/sendmail`. If you see a line that refers to `libwrap`, you should be able to use tcpwrappers, no matter who compiled it. Make sure the `hosts.allow` rule is early enough in the file that it isn't masked by the default `ALL : ALL : allow`, which allows all services to all callers. If you don't see `libwrap`, you can rebuild sendmail with default options to get the functionality. – D_Bye Jun 27 '13 at 09:42
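
The rule-ordering point from the comments above, as an added example (not code from the answer's author): `first_match` reports which `hosts.allow` line decides a connection, so a deny rule masked by `ALL : ALL : allow` shows up before you rely on it. It assumes rules use only exact IPv4 addresses and `ALL`; the function names and the sample rules with 192.0.2.10 are constructed for illustration.

```shell
#!/bin/sh
# Added example: simplified first-match evaluation of a FreeBSD-style hosts.allow.
# Assumption: only exact IPv4 addresses and the ALL wildcard are handled; real
# tcpwrappers also supports netmasks, hostnames, EXCEPT, etc. (hosts_access(5)).

# first_match DAEMON IP  (rules on stdin)
# Prints "LINE:ACTION" for the first rule that applies, or "none".
first_match() {
    awk -v daemon="$1" -v ip="$2" '
        # True if the space/comma separated list contains want or ALL.
        function in_list(list, want,    n, i, items) {
            n = split(list, items, /[ \t,]+/)
            for (i = 1; i <= n; i++)
                if (items[i] == want || items[i] == "ALL") return 1
            return 0
        }
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
        {
            # daemon_list : client_list : action
            n = split($0, f, /[ \t]*:[ \t]*/)
            if (n < 3) next
            sub(/[ \t]+$/, "", f[3])
            if (in_list(f[1], daemon) && in_list(f[2], ip)) {
                print NR ":" f[3]              # first match wins, stop here
                found = 1
                exit
            }
        }
        END { if (!found) print "none" }
    '
}

# Constructed sample: the deny rule sits below the catch-all, so it never fires.
masked_sample() {
    printf '%s\n' '# constructed sample' 'ALL : ALL : allow' \
        'sendmail : 192.0.2.10 : deny'
}

# Constructed sample: the same rules with the deny rule moved above the catch-all.
fixed_sample() {
    printf '%s\n' '# constructed sample' 'sendmail : 192.0.2.10 : deny' \
        'ALL : ALL : allow'
}

masked_sample | first_match sendmail 192.0.2.10   # prints 2:allow
fixed_sample  | first_match sendmail 192.0.2.10   # prints 2:deny
```

To check a live file, run `first_match sendmail <address> < /etc/hosts.allow` and confirm the reported line is the deny rule.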
1

You need to use the firewall built in to FreeBSD. You can add a rule to drop packets from specific hosts so that the sendmail daemon never sees them.

Kyle Jones
  • Can anyone give me a quick example on how to temporarily create a rule to filter a particular IP? And then revoke it? – S.ov Jun 25 '13 at 05:58
  • When I do `ipfw list` I get: `ipfw: getsockopt(IP_FW_GET): Protocol not available` – S.ov Jun 25 '13 at 05:59