From: Alan McKinnon
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Can't block pop3 attack
Date: Fri, 23 Oct 2009 22:57:09 +0200
Message-Id: <200910232257.09736.alan.mckinnon@gmail.com>
In-Reply-To: <200910240249.42991.robin.atwood@attglobal.net>

On Friday 23 October 2009 21:49:42 Robin Atwood wrote:
> My syslog is showing zillions of messages:
>
> Oct 24 02:25:58 opal xinetd[8054]: START: pop-3 pid=16534 from=61.134.64.199
> Oct 24 02:25:59 opal xinetd[16534]: warning: /etc/hosts.allow, line 7: can't verify hostname: gethostbyname(199.64.134.61.broad.gs.dynamic.163data.com.cn) failed
> Oct 24 02:26:09 opal xinetd[8054]: EXIT: pop-3 status=0 pid=16534 duration=11(sec)
>
> I run denyhosts but don't trap pop3 messages so I manually added the IP
> address to /etc/hosts.deny and..., it made absolutely no difference. I run
> qpopper which is compiled with xinetd support and xinetd uses tcpd, so I
> assumed the address would be blocked. Apparently not so. Any ideas?

You have allow ALL ALL early in hosts.allow, or you have allow pop3 all
earlier in hosts.allow

-- 
alan dot mckinnon at gmail dot com
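The evaluation order behind the reply above, as an added example that is not part of the original message: tcp_wrappers searches hosts.allow first and grants access on the first match, so a hosts.deny entry is only reached when nothing in hosts.allow matched. The rule files below are constructed, the daemon name `pop3` is taken from the reply (the real name depends on how the service is launched), and the model is a simplification that handles only `ALL`, exact addresses and trailing-dot prefixes.

```python
# Simplified model of the tcp_wrappers (hosts_access) decision order.
# Assumptions: rules are "daemon_list : client_list" only; EXCEPT, hostnames,
# netmasks, wildcards other than ALL, and rule options are not modelled.

def parse(text):
    """Return [(daemons, clients)] from hosts.allow / hosts.deny style text."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = line.split(":")[:2]
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules

def _hit(patterns, value):
    """True if value matches ALL, an exact token, or a trailing-dot prefix."""
    return any(p == "ALL" or p == value or
               (p.endswith(".") and value.startswith(p)) for p in patterns)

def first_match(rules, daemon, client):
    """1-based index of the first rule matching daemon and client, or None."""
    for index, (daemons, clients) in enumerate(rules, 1):
        if _hit(daemons, daemon) and _hit(clients, client):
            return index
    return None

def decide(allow_text, deny_text, daemon, client):
    """hosts.allow is searched first; a match there ends the search."""
    n = first_match(parse(allow_text), daemon, client)
    if n is not None:
        return ("allow", "hosts.allow rule %d" % n)
    n = first_match(parse(deny_text), daemon, client)
    if n is not None:
        return ("deny", "hosts.deny rule %d" % n)
    return ("allow", "no rule matched")  # default when neither file matches

# Constructed sample files; 61.134.64.199 is the address from the quoted log.
BROAD_ALLOW = "sshd: 192.168.1.\nALL: ALL\n"
TIGHT_ALLOW = "sshd: 192.168.1.\npop3: 192.168.1.\n"
DENY = "ALL: 61.134.64.199\n"

if __name__ == "__main__":
    for name, allow in (("broad", BROAD_ALLOW), ("tight", TIGHT_ALLOW)):
        print(name, decide(allow, DENY, "pop3", "61.134.64.199"))
```

With the broad hosts.allow the deny entry is never consulted; once the catch-all rule is replaced by a scoped one, the same hosts.deny line takes effect.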