[CentOS] Sendmail SMTP Brute-Force Attack

Thu Jun 14 23:49:31 UTC 2012
John R Pierce <pierce at hogranch.com>

On 06/14/12 4:33 PM, Gustavo Lacoste wrote:
> I need help for STOP this spamers right now.
> Thanks in advance to anyone who can guide me

2 of the three relay IPs listed in your log fragment are listed on 
spamhaus' Zen combined list, http://www.spamhaus.org/zen/

this is free for use by low volume non-commercial email servers. see the 
terms linked on the above URL.
adding the following line to your sendmail.mc file, then rebuilding the 
.cf and restarting sendmail would reject all mail connections from 
servers listed via Spamhaus.

FEATURE(dnsbl,`zen.spamhaus.org',`Message from $&{client_addr} rejected 
- see http://www.spamhaus.org/SBL/sbl-rationale.html') dnl

(note this file is in M4 syntax, and has to use 'funny' quoting, with a 
` as the opening quote).

john r pierce                            N 37, W 122
santa cruz ca                         mid-left coast