spamming through the firewall

This is a discussion on spamming through the firewall within the alt.comp.mail.postfix forums, part of the Mail Servers and Related category.

  #1 (permalink)  
Old 01-30-2006
Zbigniew Lisiecki

Hello,
for some time now my postfix has been noticing the following spam:

Jan 30 09:40:08 orion postfix/smtpd[24622]: connect from 63-253-146-115.ip.mcleodusa.net[63.253.146.115]
Jan 30 09:40:08 orion postfix/smtpd[24622]: NOQUEUE: reject: RCPT from 63-253-146-115.ip.mcleodusa.net[63.253.146.115]: 450 <gw1.office.wwdl.net.>: Helo command rejected: Host not found; from=<51600@newsletter.wwdl.net> to=<my address> proto=ESMTP helo=<gw1.office.wwdl.net.>
....
Jan 30 09:45:08 orion postfix/smtpd[24622]: timeout after RSET from 63-253-146-115.ip.mcleodusa.net[63.253.146.115]
Jan 30 09:45:08 orion postfix/smtpd[24622]: disconnect from 63-253-146-115.ip.mcleodusa.net[63.253.146.115]

the amount forced me to add the iptables rule seen with the -L option:

DROP all -- anywhere 63.252.0.0/14

but the spam still appears!
can the spammer change its IP?
the mail is rejected, but the spammer seems to occupy the connection.
is it possible that he enters with another IP and then later on
his target IP 63.253.146.115 won't pass through the firewall, which
causes the timeout?

what can be done in such a case?

regards, zbyszek
--
http://zbyszek.evot.org
  #2 (permalink)  
Old 01-30-2006
Zbigniew Lisiecki
Solution: spamming through the firewall

>
> DROP all -- anywhere 63.252.0.0/14
>

I had an error in the firewall,
iptables rule order was wrong

z
--
http://zbyszek.evot.org
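The rule-order error reported above, as an added example that is not part of the original posts: a small first-match evaluator in Python showing why a DROP appended after a broader ACCEPT never sees the sender's SMTP connection. The ACCEPT rule, the default policy and the 192.0.2.10 sender are constructed, and the DROP is assumed to match the source range 63.252.0.0/14; the thread shows only the DROP line.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    target: str                   # terminating target: "ACCEPT" or "DROP"
    source: str = "0.0.0.0/0"     # CIDR; shown as "anywhere" by iptables -L
    proto: str = "all"
    dport: Optional[int] = None   # None = any destination port

    def matches(self, src: str, proto: str, dport: int) -> bool:
        return (ipaddress.ip_address(src) in ipaddress.ip_network(self.source)
                and self.proto in ("all", proto)
                and self.dport in (None, dport))


def decide(chain: List[Rule], src: str, proto: str, dport: int,
           policy: str = "DROP") -> Tuple[Optional[int], str]:
    """Return (1-based number of the deciding rule, verdict); first match wins."""
    for num, rule in enumerate(chain, start=1):
        if rule.matches(src, proto, dport):
            return num, rule.target
    return None, policy           # no rule matched: chain policy applies


# Constructed ruleset: only the DROP line appears in the thread.
ACCEPT_SMTP = Rule("ACCEPT", proto="tcp", dport=25)
DROP_RANGE = Rule("DROP", source="63.252.0.0/14")

appended = [ACCEPT_SMTP, DROP_RANGE]   # DROP added at the end (iptables -A)
inserted = [DROP_RANGE, ACCEPT_SMTP]   # DROP placed first (iptables -I)

SPAMMER = "63.253.146.115"             # client address from the log above
OTHER = "192.0.2.10"                   # constructed, documentation range

if __name__ == "__main__":
    for name, chain in (("appended", appended), ("inserted", inserted)):
        print(name, "spammer:", decide(chain, SPAMMER, "tcp", 25),
              "other:", decide(chain, OTHER, "tcp", 25))
```

On a live host, `iptables -L -n -v --line-numbers` shows the same ordering together with per-rule packet counters; a DROP whose counter stays at zero while the log keeps filling is being shadowed by an earlier rule.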
  #3 (permalink)  
Old 01-30-2006
Greg Hackney
Re: spamming through the firewall

Zbigniew Lisiecki wrote:

> reject: RCPT from 63-253-146-115.ip.mcleodusa.net[63.253.146.115]:
> 450 <gw1.office.wwdl.net.>: Helo command rejected: Host not found;
> the mail is rejected, but the spammer seems to occupy the connection

It's not actually "rejecting" the email. It's sending them a 450 "try again later" code.

Try sending them a 554 rejection code, then maybe there wouldn't be so many
connections (retries) from them.

--
Greg