Blocking port 25 scanners

How it's used
This script is run in one of two ways:

1. Under tcpserver as a supervised daemon, and it listens on port 25 of IPs that don't have MX records. So it catches nasties that scan IP space for mail servers before it ever hits my real mail server. Go ahead and telnet to port 25 of 72.29.111.130 and see what happens (but do NOT do it from your mail server, else you won't be able to email me for a few days).

2. by other scripts, which pass in an IP as the first argument.

Script
PFCTL="/sbin/pfctl" BAD_IP=$1 MESSAGE="Added $BAD_IP to the spamd table." if [ -z $BAD_IP ]; then BAD_IP=$TCPREMOTEIP MESSAGE="Hi $BAD_IP. You came, you probed, and now you are blacklisted." fi if [ -z $BAD_IP ]; then echo "usage: $0 ip.ad.dr.ess" exit 1 fi $PFCTL -q -t spamd -Tadd $BAD_IP echo $MESSAGE $PFCTL -q -k $BAD_IP exit 1
 * 1) !/bin/sh
 * 2) by matt@tnpi.net - 02/27/2007
 * 1) add them to the PF spamd table
 * 1) kill all state entries for the blocked host