blacklisting a sender

manny1234

I noticed a specific person is pounding my mail server with spam using different smtp servers. Can I block that individual? How can I go about blocking them? I am using sendmail, qpopper, amavis, clamav, and spamassassin. Here are the headers I.

Code:
Return-Path: <dkinealy@gmx.net>
Received: from COLOR-GLO.it7nqwbw.org (dsl-145-244-49.telkomadsl.co.za [165.145.244.49])
	by zim.visionpayments.com (8.13.1/8.13.1) with ESMTP id k4OEQBp0024223;
	Wed, 24 May 2006 10:27:00 -0400 (EDT)
	(envelope-from dkinealy@gmx.net)
Message-Id: <200605241427.k4OEQBp0024223@zim.visionpayments.com>
Received: from unknown (HELO mx0.gmx.net) (213.165.64.100)
        by COLOR-GLO.it7nqwbw.org with SMTP; Wen, 24 May 2006 16:53:41 -0200
From: "Bernice Joyner" <dkinealy@gmx.net>
To: <rcooper@visionpayments.com>
Subject: [fwd] Check out for HOT NEWS!!!
Date: Wen, 24 May 2006 16:53:41 -0200
MIME-Version: 1.0
X-Mailer: Microsoft Office Outlook, Build 11.0.5510
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Thread-Index: YZRJtehq9m2JnUfMu59TtJb407oqodDWxZym
Content-Type: text/html;
        charset="Windows-1252"
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: by amavisd-new
X-UIDL: *!Y!!fdI!!>G2!!:P%"!
Code:
Return-Path: <tate.eatonsli@gmail.com>
Received: from hnjkkh1h.mfi5uviq.optonline.net (dsl-145-244-49.telkomadsl.co.za [165.145.244.49])
	by zim.visionpayments.com (8.13.1/8.13.1) with ESMTP id k4OEO2cx024156;
	Wed, 24 May 2006 10:24:32 -0400 (EDT)
	(envelope-from tate.eatonsli@gmail.com)
Message-Id: <200605241424.k4OEO2cx024156@zim.visionpayments.com>
Received: from unknown (HELO alt2.gmail-smtp-in.l.google.com) (64.233.163.114)
        by hnjkkh1h.mfi5uviq.optonline.net with SMTP; Wen, 24 May 2006 16:51:12 -0200
From: "Luz Mccall" <tate.eatonsli@gmail.com>
To: <hholliday@visionpayments.com>
Subject: [fwd] Check out for HOT NEWS!!!
Date: Wen, 24 May 2006 16:51:12 -0200
MIME-Version: 1.0
X-Mailer: Microsoft Office Outlook, Build 11.0.5510
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Thread-Index: d2NUhZ1NRJkScrlpkgR8FXtDZ9KBw3hAMlTp
Content-Type: text/html;
        charset="Windows-1252"
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: by amavisd-new
X-UIDL: MWa!!p$H!!W9f"!dHH!!
Code:
Return-Path: <tamsenriordan@gmx.de>
Received: from hnjkkh1h.mfi5uviq.optonline.net (dsl-145-244-49.telkomadsl.co.za [165.145.244.49])
	by zim.visionpayments.com (8.13.1/8.13.1) with ESMTP id k4OEO2cr024156;
	Wed, 24 May 2006 10:24:11 -0400 (EDT)
	(envelope-from tamsenriordan@gmx.de)
Message-Id: <200605241424.k4OEO2cr024156@zim.visionpayments.com>
Received: from unknown (HELO mx0.gmx.net) (213.165.64.100)
        by hnjkkh1h.mfi5uviq.optonline.net with SMTP; Wen, 24 May 2006 16:50:51 -0200
From: "Nicole Slater" <tamsenriordan@gmx.de>
To: <cgregory@visionpayments.com>
Subject: [fwd] Check out for HOT NEWS!!!
Date: Wen, 24 May 2006 16:50:51 -0200
MIME-Version: 1.0
X-Mailer: Microsoft Office Outlook, Build 11.0.5510
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Thread-Index: GDvtDZP6mF4eil7K0RG81RD9hDmt69xorjnU
Content-Type: text/html;
        charset="Windows-1252"
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: by amavisd-new
X-UIDL: ~U+!!4WG!!W1j!!6U~!!

It looks to me like I want to deny anything from 165.145.244.49.
 
You can do this from within your access file.

Add this to your access file
Code:
165.145.244.49	REJECT
or
Code:
165.145.244.49	550 We do not accept mail from idiots
Then rebuild the DBM
Code:
makemap hash /etc/mail/access < /etc/mail/access
And restart sendmail
Code:
killall -SIGHUP sendmail

M. Brooks
 
Is there really a need to restart sendmail after editing the access file? Isn't it just a matter of running makemap hash ...?
 
You do, however, need to run newaliases to get aliases to update :)
 
so here is what I have in my access list
Code:
192.168.0       RELAY
165.145.244.49  REJECT
81.             REJECT
82.             REJECT
83.             REJECT
85.             REJECT
217.            REJECT
24.225.         REJECT
222.            REJECT
196.            REJECT

And I am still getting mail from the 82.255.255.255 network and 222.255.255.255 network. The IP address I used in the example above is the sender not the smtp server they are relaying from. Can you block senders?
 
Hmm.. That should work. If you want to block specific senders you do.
Code:
user@              550 We do not accept mail from idiots
domain.com         REJECT
other.domain.com   550 We do not accept mail from idiots

M. Brooks
 
what if I want to block entire networks? ie the 82.0.0.0 network?
 
lol I figured it out. Me and my attention to detail, or lack thereof.

I was putting a period after the ip addresses... oops.
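
Why the `82.` and `222.` entries in the access list posted above never fired, as an added example (not code from the thread or from sendmail): sendmail looks up the connecting IPv4 address in the access map in full and then with trailing octets removed one at a time, so a network key only matches when it is written without a trailing dot. The function names and the address 82.10.20.30 are constructed for illustration, and only untagged keys are handled.

```python
# Constructed sample: a subset of the access entries as first posted above.
ACCESS_AS_POSTED = """\
192.168.0       RELAY
165.145.244.49  REJECT
82.             REJECT
24.225.         REJECT
222.            REJECT
"""


def parse_access(text):
    """Return {key: action} for an access file's non-comment lines."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, action = line.split(None, 1)
        table[key.lower()] = action.strip()
    return table


def lookup_ip(table, ip):
    """Try the full address, then drop one trailing octet at a time."""
    octets = ip.split(".")
    for n in range(len(octets), 0, -1):
        key = ".".join(octets[:n])
        if key in table:
            return key, table[key]
    return None, None  # no entry: the access map makes no decision


def lint_keys(table):
    """Keys that look like IPv4 prefixes but end in a dot never match."""
    return sorted(k for k in table
                  if k.endswith(".") and k.rstrip(".").replace(".", "").isdigit())


def fix_keys(table):
    """Strip the trailing dot from the keys flagged by lint_keys()."""
    bad = set(lint_keys(table))
    return {(k.rstrip(".") if k in bad else k): v for k, v in table.items()}


if __name__ == "__main__":
    posted = parse_access(ACCESS_AS_POSTED)
    print("never match:", lint_keys(posted))
    for ip in ("82.10.20.30", "165.145.244.49"):  # first address is constructed
        print(ip, lookup_ip(posted, ip), lookup_ip(fix_keys(posted), ip))
```

Running the lint before `makemap` catches the mistake while the file is still being edited, instead of after more mail from those networks has been accepted.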
 
Is it possible for someone to spoof the IP address they are sending their mail from? Or can I safely assume the IP address in the header is where the mail is actually coming from?
 
People can always spoof. But that is very unlikely. The spammers you need to worry about are the kind that blast e-mails from a random address. In cases like those greylisting works great. I use it on servers that handle over 40 million messages (90% of the total is spam or viruses) a month.

M. Brooks
 
thanks. A buddy of mine was talking to me about that probably a year ago. At that point Spam Assassin was working fine for me.... Not so much anymore though.
 
I use SpamAssassin as well. That is my second level of protection for any stragglers that might get through.
I use ClamAV as the final level of protection after all the crap gets filtered out.

M. Brooks
 