From: Robin Atwood
To: gentoo-user@lists.gentoo.org
Subject: [gentoo-user] Can't block pop3 attack
Date: Sat, 24 Oct 2009 02:49:42 +0700
Message-Id: <200910240249.42991.robin.atwood@attglobal.net>

My syslog is showing zillions of messages:

Oct 24 02:25:58 opal xinetd[8054]: START: pop-3 pid=16534 from=61.134.64.199
Oct 24 02:25:59 opal xinetd[16534]: warning: /etc/hosts.allow, line 7: can't verify hostname: gethostbyname(199.64.134.61.broad.gs.dynamic.163data.com.cn) failed
Oct 24 02:26:09 opal xinetd[8054]: EXIT: pop-3 status=0 pid=16534 duration=11(sec)

I run denyhosts but don't trap pop3 messages so I manually added the IP address to /etc/hosts.deny and..., it made absolutely no difference. I run qpopper which is compiled with xinetd support and xinetd uses tcpd, so I assumed the address would be blocked. Apparently not so. Any ideas?

TIA
-Robin
-- 
----------------------------------------------------------------------
Robin Atwood.

"Ship me somewheres east of Suez, where the best is like the worst,
 Where there ain't no Ten Commandments an' a man can raise a thirst"
         from "Mandalay" by Rudyard Kipling
----------------------------------------------------------------------
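An added example, not part of the original post: a small Python parser for the xinetd syslog lines quoted above. It pairs START, warning and EXIT records by child pid and totals sessions per source address, so you can see whether an address is still getting START records after a deny rule goes in. Only the first three sample lines come from the post; the rest, the function names and the threshold are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the syslog lines quoted in the post.
# 61.134.64.199 is from the post; 192.0.2.10 is a made-up documentation address.
SAMPLE_LOG = """\
Oct 24 02:25:58 opal xinetd[8054]: START: pop-3 pid=16534 from=61.134.64.199
Oct 24 02:25:59 opal xinetd[16534]: warning: /etc/hosts.allow, line 7: can't verify hostname: gethostbyname(199.64.134.61.broad.gs.dynamic.163data.com.cn) failed
Oct 24 02:26:09 opal xinetd[8054]: EXIT: pop-3 status=0 pid=16534 duration=11(sec)
Oct 24 02:26:10 opal xinetd[8054]: START: pop-3 pid=16540 from=61.134.64.199
Oct 24 02:26:21 opal xinetd[8054]: EXIT: pop-3 status=0 pid=16540 duration=11(sec)
Oct 24 02:27:00 opal xinetd[8054]: START: pop-3 pid=16551 from=192.0.2.10
Oct 24 02:27:02 opal xinetd[8054]: EXIT: pop-3 status=0 pid=16551 duration=2(sec)
"""

START = re.compile(r"xinetd\[\d+\]: START: (\S+) pid=(\d+) from=(\S+)")
EXIT = re.compile(r"xinetd\[\d+\]: EXIT: (\S+) status=(\d+) pid=(\d+) duration=(\d+)\(sec\)")
WARN = re.compile(r"xinetd\[(\d+)\]: warning: .*can't verify hostname")

def summarize(log_text, service="pop-3"):
    """Per-source totals for one xinetd service, keyed by client address."""
    pid_to_ip = {}  # child pid -> client address, learned from START records
    stats = defaultdict(lambda: {"starts": 0, "exits": 0, "seconds": 0, "unverified": 0})
    for line in log_text.splitlines():
        if m := START.search(line):
            svc, pid, ip = m.groups()
            if svc == service:
                pid_to_ip[pid] = ip
                stats[ip]["starts"] += 1
        elif m := WARN.search(line):
            # The warning is logged under the child's pid, not the parent's.
            ip = pid_to_ip.get(m.group(1))
            if ip:
                stats[ip]["unverified"] += 1
        elif m := EXIT.search(line):
            svc, _status, pid, secs = m.groups()
            ip = pid_to_ip.pop(pid, None)  # pids get reused, so forget after EXIT
            if svc == service and ip:
                stats[ip]["exits"] += 1
                stats[ip]["seconds"] += int(secs)
    return dict(stats)

def noisy_sources(stats, min_starts=2):
    """Addresses with at least min_starts connections, busiest first."""
    hits = [(ip, s["starts"]) for ip, s in stats.items() if s["starts"] >= min_starts]
    return sorted(hits, key=lambda t: -t[1])
```

To run it against a real log, pass the file's contents to `summarize()` and feed the result to `noisy_sources()` with a threshold that suits the site's normal POP3 traffic.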