From: Steve Simon
Date: Tue, 31 Jan 2023 07:58:39 +0000
To: 9front@9front.org
Subject: Re: [9front] dns tools
Message-Id: <7C2D6F4D-43C7-4414-AB27-355251682286@quintile.net>
In-Reply-To: <8D9D9A9B7E2B716DB457719182D5271D@thinktankworkspaces.com>

there is also greylisting in
smtpd which can put off some bots.

if it's a small selection of ip addresses, smtpd can be told to silently drop ip connections from these.

i have a modified ratfs which checks the remote dns name and rejects based on a pattern match. i also added a hex digit pattern (%). the idea was to reject all email from rdns names like:

line.%.%-adsl.verizon-west.com

this helped with everything else, but sadly i have (after about 15 years) given up receiving email on plan9 and use my isp. $work and kids don't leave enough time to fight the good email fight

-Steve

> On 31 Jan 2023, at 6:44 am, william@thinktankworkspaces.com wrote:
>
> ratfs seems to be working. I'm not getting the mail locally, but they still keep trying
>
> maat Jan 30 21:37:52 ehlo from 185.24.233.112 as ADMIN
> maat Jan 30 21:37:52 Hung up on 185.24.233.112; claimed to be ADMIN
> maat Jan 30 21:45:59 ehlo from 185.24.233.112 as ADMIN
> maat Jan 30 21:45:59 Hung up on 185.24.233.112; claimed to be ADMIN
> maat Jan 30 21:49:44 ehlo from 81.161.229.226 as WIN-CLJ1B0GQ6JP
> maat Jan 30 21:49:44 Hung up on 81.161.229.226; claimed to be WIN-CLJ1B0GQ6JP
> maat Jan 30 21:54:12 ehlo from 185.24.233.112 as ADMIN
> maat Jan 30 21:54:12 Hung up on 185.24.233.112; claimed to be ADMIN
>
> I could probably look into scanmail. I might also try blocking from linode, maybe look at some firewall features from
> the provider.
>
> Quoth Stanley Lieber :
>>> On Jan 29, 2023, at 11:14 PM, william@thinktankworkspaces.com wrote:
>>>
>>> Do we have any firewall tools? I would like to block some connections.
>>>
>>> I know you can tweak routing by messing with /net/ipifc/clone
>>>
>>> Just wanted to know if we have any other ways to block connections?
>>>
>>>
>>>
>>> Quoth Stanley Lieber :
>>>> check out iwhois (documented in the tel man page).
>>>>
>>>> also: lookman dns.
>>>>
>>>> the existing tools are fairly manual and rudimentary.
>>>>
>>>> sl
>>
>> there’s no generic firewall, but upas has some filtering options. smtpd(8) reads the file /mail/blocked for blocked addresses, and has the -k flag to block ip addresses manually. the validatesender script (called by upas) checks for a spamhaus file at /mail/lib/spamhaus. there are also ratfs(4) and scanmail(8), which provide more complex filtering mechanisms.
>>
>> sl
>>
>>
>>
>
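
The reverse-DNS pattern match described in Steve Simon's reply, as an added example that is not part of the original thread and is not the modified ratfs code. It assumes `%` stands for a run of one or more hex digits, that every other character is literal and case-insensitive, and that the whole name must match; the function names and sample host names are constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>

/* Assumed semantics (the modified ratfs source is not on the page):
 * '%' = one or more hex digits; any other byte matches itself,
 * case-insensitively; one trailing dot on the name is ignored. */
static int match_here(const char *pat, const char *name)
{
	if (*pat == '\0')
		return *name == '\0' || (name[0] == '.' && name[1] == '\0');
	if (*pat == '%') {
		/* take at least one hex digit, then try each longer run, so a
		 * pattern such as "%a" still matches "ffa" (backtracking) */
		while (isxdigit((unsigned char)*name)) {
			name++;
			if (match_here(pat + 1, name))
				return 1;
		}
		return 0;
	}
	/* literal byte; also fails cleanly when the name has run out */
	if (tolower((unsigned char)*pat) != tolower((unsigned char)*name))
		return 0;
	return match_here(pat + 1, name + 1);
}

/* Returns 1 if the reverse-DNS name should be rejected under pattern. */
int rdns_blocked(const char *pattern, const char *rdns)
{
	if (pattern == NULL || rdns == NULL)
		return 0;
	return match_here(pattern, rdns);
}

int main(void)
{
	/* pattern quoted in the mail; host names below are constructed */
	const char *pat = "line.%.%-adsl.verizon-west.com";
	const char *names[] = {
		"line.4f.1a2b-adsl.verizon-west.com",
		"mail.verizon-west.com",
		"line.zz.10-adsl.verizon-west.com",
	};
	for (int i = 0; i < 3; i++)
		printf("%-36s %s\n", names[i],
		    rdns_blocked(pat, names[i]) ? "reject" : "accept");
	return 0;
}
```

Anchoring the match to the whole name keeps a sender from passing or failing the filter by appending labels under a domain they control.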