Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

IP Blacklisting

1 view
Skip to first unread message

Shaun Gamble

unread,
Jan 10, 2003, 12:58:53 AM1/10/03
to
I'm not sure if this can be done already or not, I can't
find it if it is, and I'm sure this is still in the wish
list.

If an IP address starts dumping emails at an above
nominated rate, then I want that IP address temporarily
banned from making a connection. In other words, it
reaches the maximum level nominated by me, and any further
IP connections from this IP address will be simply
rejected. This would stop dictionary attacks and mass
spamming.

I currently use

<*@blacklisted> = account#SpamBL

in the router as one of the partners of our company uses a
blacklisted ISP. And I want to accept email from his email
address but no other user of the ISP. And of course he
uses dial up.

Shaun.
IT Manager
Redco Investments
SpamTo: spam...@darkelf.com.au

#############################################################
This message is sent to you because you are subscribed to
the mailing list <CGat...@mail.stalker.com>.
To unsubscribe, E-mail to: <CGateP...@mail.stalker.com>
To switch to the DIGEST mode, E-mail to <CGatePr...@mail.stalker.com>
To switch to the INDEX mode, E-mail to <CGatePr...@mail.stalker.com>
Send administrative queries to <CGatePro...@mail.stalker.com>

Duane Hill

unread,
Jan 10, 2003, 1:56:26 AM1/10/03
to
Forgive me if I am far off here.

All versions of Perl have a File::Tail module that can be installed. A
Perl module could be ran from the server indefinatlly monitoring the log
files. Thus, collecting IP addresses that have successfully delivered
messages. Through the use of the CLI interface, if messages have been
coming in at a rate of x (defined in the script) in a time of y (defined
in the script), the script could automatically add the IP address to the
SMTP listener deny list.

The log file reports the following when a message has been successfully
received for delivery:

SMTPI-xxxxxxx([xxx.xxx.xxx.xxx]) [xxxxxxx] received, 46264 bytes
or
SMTPI-xxxxxxx(domain.dom) [xxxxxxx] received, 46264 bytes

And the following line is from when an IP that has been denied from the
SMTP listener:

SMTP connection to port [0.0.0.0:25] from [xxx.xxx.xxx.xxx:xxxx] denied

This is ALOT of work from the OUTSIDE that should be on the INSIDE. I
don't know if I am going to be able to get it to work as I am running on
Windows 2000 Server. Seems there are alot of things that work better if
running from a Linux box from the stand point of working with data.

Email me off list if you would like to know more.

Technical Support

unread,
Jan 13, 2003, 7:21:28 AM1/13/03
to
Hello, on 10.01.2003 08:58, Shaun Gamble at lis...@redco.com.au wrote:

> I'm not sure if this can be done already or not, I can't
> find it if it is, and I'm sure this is still in the wish
> list.
>
> If an IP address starts dumping emails at an above
> nominated rate, then I want that IP address temporarily
> banned from making a connection. In other words, it
> reaches the maximum level nominated by me, and any further
> IP connections from this IP address will be simply
> rejected. This would stop dictionary attacks and mass
> spamming.
>
> I currently use
>
> <*@blacklisted> = account#SpamBL
>
> in the router as one of the partners of our company uses a
> blacklisted ISP. And I want to accept email from his email
> address but no other user of the ISP. And of course he
> uses dial up.

Why not to add the IP of that blacklisted ISP into the WhiteList section of
the Protection settings?

--
Best regards,
Dmitry Akindinov

=======================================================================
When answering to letters sent to you by the tech.support staff, make
sure the original message you have received is included into your reply.

Shaun Gamble

unread,
Jan 13, 2003, 11:13:56 PM1/13/03
to
As the clock struck Mon, 13 Jan 2003 15:21:28
+0300,Technical Support <sup...@stalker.com> wrote:

>Hello, on 10.01.2003 08:58, Shaun Gamble at
>lis...@redco.com.au wrote:

<snip>

>> I currently use
>>
>> <*@blacklisted> = account#SpamBL
>>
>> in the router as one of the partners of our company uses
>>a
>> blacklisted ISP. And I want to accept email from his
>>email
>> address but no other user of the ISP. And of course he
>> uses dial up.
>
>Why not to add the IP of that blacklisted ISP into the
>WhiteList section of
>the Protection settings?

Because as mentioned, his ISP is well known for hoarding
spammers (Hong Kong based ISP). And the user is dialup
which means he has a dynamically assigned IP address from
his ISP. He uses his ISP's email server, as does a heap of
spammers. So whitelisting the ISP will bring a heap of
spam into my system.

Shaun.
IT Manager
Redco Investments
SpamTo: spam...@darkelf.com.au

#############################################################

0 new messages