Pickup event for SMTP IP blocking

Discussion forum for Enterprise Edition.
Post Reply
webshaun
Posts: 246
Joined: Wed May 25, 2005 8:37 pm
Location: NJ
Contact:

Pickup event for SMTP IP blocking

Post by webshaun » Mon Feb 13, 2012 5:12 pm

I'm trying to figure out how to automatically block IP access to my SMTP connector that come from IP's where they get past greylisting and then subsequently get banned. Here's another way of describing it:

Spammer hits server, gets blocked by greylist.
Spammer comes back to server after a few minutes then gets blocked by Reverse DNS Blacklist

I want an action to be taken which permabans that IP from SMTP access.

I tried looking around at filters but i'm not exactly sure if that is the right way to go.

Thank you!
---
Shaun Rieman
Advanced Micro Technologies, LLC

webshaun
Posts: 246
Joined: Wed May 25, 2005 8:37 pm
Location: NJ
Contact:

Re: Pickup event for SMTP IP blocking

Post by webshaun » Tue Feb 14, 2012 5:14 pm

Though this is a manual daily task, likely redundant, here's how I'm getting the data into smtp-access.tab from the DNS blacklist denials:

Copy entire log into excel. Filter data down to the IP address by sorting and highlighting/deleting duplicates. Copy/Paste :

1 <cell> CONNECT <cell> SYSTEM

next to each IP. (can copy/paste from original file)

Copy/Paste original blocked IP's into excel at the end of the new list.

Cop/Paste into smtp-deny.tab after the default 127.0.0.1 line and save file. (may need to shut down SMTP service and/or delete the original smtp-deny.tab file to save the new file.

Though this might not help reduce spam, it should reduce attacks.

My new question is: Is there a limit to the number of IP's listed in smtp-deny.tab?

Thank you!
---
Shaun Rieman
Advanced Micro Technologies, LLC

Post Reply