Koozali.org: home of the SME Server

How do I block External IP address??

jonnybb1

« on: June 22, 2004, 04:25:21 PM »
Are there any contribs or FAQs on how to block an external IP address? I am getting 300-400 emails a day from one IP address that AMIVIS is blocking due to the same WORM attachment.

So how can I manually enter this IP address in the deny.hosts file or block this IP address forever!?

Thanx in advance,
Jonnybb1

PhilV

« Reply #1 on: June 22, 2004, 04:37:24 PM »
You could try doing a whois on the IP address and then contact their ISP and ask them to block it at source.

raem

« Reply #2 on: June 22, 2004, 04:49:54 PM »
If you use the method outlined in the Virus & file blocking HOWTO, you won't need to block that IP, as the messages themselves will all be rejected before entering your server (assuming the worm attachment matches one of the virus patterns, which it probably will).

Let us know how you go with it.

http://mirror.contribs.org/smeserver/contribs/rmitchell/smeserver/howto/Virus%20and%20file%20blocking%20HOWTO%20using%20smtpfront-qmail%20for%20sme%20server.htm
...

jonnybb1

« Reply #3 on: June 22, 2004, 05:08:04 PM »
I like this idea of blocking the email types before they enter the mail system. What I do not want is to block all of the email with attachments. It looks like the procedure to fine-tune this will take a long time.

Is there any way to use iptables to drop the packets as soon as they hit the firewall??? I am still a little shaky about modifying templates in SME, so I was hoping someone might have a simple cut-sheet on how to block an external IP address using iptables...

Thanx,

Jonnybb1

raem

« Reply #4 on: June 22, 2004, 05:35:47 PM »
> What I do not want is to block all of the email
> with attachments. It looks like the procedure to
> fine-tune this will take a long time.

Pattern matching does not block all email with attachments. It only blocks (rejects) email with attachments when the attachment content matches a certain pattern which corresponds to commonly known viruses. All other emails with attachments get delivered as normal. The "gotcha" is that you will not be able to send or receive any type of .exe attachments as they will (mostly) all get blocked; you will have to zip any exe files. That's the only limitation and it is a small price to pay for the massively improved security that you get.

It's not hard to set up; just follow the instructions carefully. A lot of the HOWTO is further technical explanation for those who want to play or use the feature for other purposes; all the standard settings are enabled by default when you install the rpms.
...