Using IP address to block e-mails.....
none
address, not just the e-mail?
Thank you,
John.
Jay Garcia
--- Original Message ---
How are you "blocking" an email? AFAIK there is no mechanism to block an
email, only filter it to junk. Blocking an IP address is actually a
function associated with your server operating system. In UNIX / Linux
it is a simple task.
--
Jay Garcia - Netscape/Flock Champion
www.ufaq.org
Netscape - Flock - Firefox - Thunderbird - Seamonkey Support
Bob Jamieson
You may be able to have your antivirus or your firewall block IP addresses.
Also, I think OpenDNS and some safe-link add ons (like WOT) can be
configured to do that.
And, you can add the IP address to your hosts file.
So, their may be several ways to do it outside your email client.
BJ
--
Bob Jamieson
Remove the "no spam" before replying via email
Beauregard T. Shagnasty
> none wrote, On 01/03/2010 04:13 AM:
>> As the title says, is it possible to make a rule that blocks an IP
>> address, not just the e-mail?
>
> You may be able to have your antivirus or your firewall block IP
> addresses.
>
> Also, I think OpenDNS and some safe-link add ons (like WOT) can be
> configured to do that.
>
> And, you can add the IP address to your hosts file.
>
> So, their may be several ways to do it outside your email client.
The only IP address that a-v/firewall/dns/hosts could block (WRT
receiving email) would be the IP of his mail server. None of those
methods could block based on the originating IP of the creator of the
email (which it seems is what he wants to do).
So the answer is: No, it is not possible. :-)
--
-bts
-Four wheels carry the body; two wheels move the soul
Ryan P.
> The only IP address that a-v/firewall/dns/hosts could block (WRT
> receiving email) would be the IP of his mail server. None of those
> methods could block based on the originating IP of the creator of the
> email (which it seems is what he wants to do).
>
> So the answer is: No, it is not possible. :-)
But I see what he's getting at... if you happen to notice that you get
a lot of junkmail from the same ip address, but they're always spoofing
the domain name, it'd be nice to be able to at least automatically route
anything from that source to junk.
Of course, that supposes that they are not spoofing the X-Originating
IP header, as well.
Jay Garcia
--- Original Message ---
The user's IP address is assigned by the ISP's server either by DHCP or
Fixed. If fixed, then the IP address can effectively be blocked by the
recipient's ISP configuration but not in the mail application. It can
also be done easily in the HOSTS file.
Looking at your header, if your IP is:
NNTP-Posting-Host: 66.66.36.79
If that IP is fixed then I can easily deny you acceess to my entire
server or deny any email from you altogether. If it is not fixed but
rather dynamic then I would have to block a range that includes your IP
address. Also easily done.
If TB allows a custom filter on NNTP-Posting-Host then you should be
able to filter on IP, dunno haven't tried it.
Beauregard T. Shagnasty
> Beauregard T. Shagnasty wrote:
>> The only IP address that a-v/firewall/dns/hosts could block (WRT
>> receiving email) would be the IP of his mail server. None of those
>> methods could block based on the originating IP of the creator of
>> the email (which it seems is what he wants to do).
>>
>> So the answer is: No, it is not possible. :-)
>
> But I see what he's getting at...
As do I.
> if you happen to notice that you get a lot of junkmail from the same
> ip address, but they're always spoofing the domain name, it'd be nice
> to be able to at least automatically route anything from that source
> to junk.
My experience with spam is that it rarely continues from the same IP
address for any length of time, and usually lasts just for a burst
before moving to a different one. As an example, I've got one of my
addresses on a persistent spammer's list. All of them come from Romania.
The IP address changes all the time. However, TB's native spam filtering
handily funnels them all into the Junk folder, which is set to delete
after one day.
> Of course, that supposes that they are not spoofing the X-Originating
> IP header, as well.
Without seeing several samples of the mail he wants to block, it is
possible there may be other ways to block it, especially with the
enhanced capabilities of Tb3. (I'm still using Tb2)
Jay Garcia
--- Original Message ---
Bah ... that's right - mail !!! 8-)
Beauregard T. Shagnasty
> Bah ... that's right - mail !!! 8-)
<g> Nir beat me to replying... Most email comes from someone's ISP's
mail server, too, not from an individual's PC. Some spam comes through
regular mail servers, some comes directly via SMTP from zombied PCs. The
zombies could be blocked, I suppose, 'cept the spammer-in-control will
move on to another zombie after each batch of crap he sends.
Naturally, this necessitates constant additions to whatever is blocking
the IPs. It's almost as bad as adding FROM addresses to your blocker
because one sent you a spam. Chances are good that's the only spam you'd
ever receive from that exact address, so you end up with a huge block
list that only drags down performance but is worthless.
Bob Jamieson
Perhaps I phrased it wrong. By "outside your email client", I meant
blocking IP's NOT mail. Also, I may have twisted the OP's intent.
Reading through this thread, however, it seems there may be a way to do
it within TB . . . but I agree that blocking spam IP's is pretty much
useless since the spammers rarely use the same IP twice.
g
> Reading through this thread, however, it seems there may be a way to do
> it within TB . . . but I agree that blocking spam IP's is pretty much
> useless since the spammers rarely use the same IP twice.
_if_ emails are from same address, using 'body' or 'header' will/should
pick up on address and apply filtering.
--
peace out.
tc,hago.
g
.
****
in a free world without fences, who needs gates.
**
help microsoft stamp out piracy - give linux to a friend today.
**
to mess up a linux box, you need to work at it.
to mess up an ms windows box, you just need to *look* at it.
**
learn linux:
'Rute User's Tutorial and Exposition' http://rute.2038bug.com/index.html
'The Linux Documentation Project' http://www.tldp.org/
'LDP HOWTO-index' http://www.tldp.org/HOWTO/HOWTO-INDEX/index.html
'HowtoForge' http://howtoforge.com/
****
Ken Whiton
*-* In Article <ut-dnXdSZa_oWN3W...@mozilla.org>,
*-* Jay Garcia wrote
*-* About Re: Using IP address to block e-mails.....
[ ... ]
> Looking at your header, if your IP is:
>
> NNTP-Posting-Host: 66.66.36.79
>
> If that IP is fixed then I can easily deny you acceess to my entire
> server or deny any email from you altogether. If it is not fixed but
> rather dynamic then I would have to block a range that includes your
> IP address. Also easily done.
>
> If TB allows a custom filter on NNTP-Posting-Host then you should be
> able to filter on IP, dunno haven't tried it.
As Nir and others have already pointed out, and you have
acknowledged, the NNTP-Posting-Host header is news-related, not
e-mail-related. Furthermore, even in a news-related situation
attempting to filter on that header could be a hit-or-miss
proposition, since not all originating news servers add that header.
Giganews and Google do, but many others don't, and some that do don't
use the IP address in it. For example, my ISP outsources news to the
Newsguy premium news service, and here are the contents of the
NNTP-Posting-Host header on a couple of my recent Usenet posts:
p3d5d4c6a45d4bd3a6520cef828ba455173ca27c5f51e755a07f2cb9e933dd6dbe5cb945c76f902eb.newsdawg.com
pd20f1043481701b05f8126471d33a08f3cac48ae7ebf49477b144f350e60abfef7ef182c362b4f92.newsdawg.com
Those were posted from the same IP address, so however that string is
generated there's more to it than just the IP address.
Ken Whiton
--
FIDO: 1:132/152
InterNet: kenw...@surfglobal.net.INVAL (remove the obvious to reply)
Paul B
You may be able to write a Custom filter on the Received header.
But that would only hit as the mail comes in (with a POP acct,
anyway). Or you maybe could do similar at the server level with a
provider such as gmail. Or you could use a proxy server that can
delete from remote server without downloading, which I don't
think TB does.
--
T-Bird 3.0b4 for mail; Dialog for news; WinXP-h.
ANONYMOUS
You can't. There aren't any email clients that can do this otherwise
people would block the entire country like China or Korea where majority
of spam is sent from.
I have been looking for this for the past 12 years and even uncle Bill
didn't have the solution with all the dollars at his disposal.
