Koozali.org: home of the SME Server

How to Create Custom Template to Block IP

netdesignns

How to Create Custom Template to Block IP
« on: August 12, 2007, 10:13:57 AM »
Am trying to create a custom template to block IP addresses that are swamping the mail server.
In the SME 7 documentation there is a reference to do it but the path on SME 6 must be different?
The path to save the custom template in SME 7 is given as:
/etc/e-smith/templates-custom/etc/rc.d/init.d/masq/40DenyRiffRaff

However in SME 6 only this part of the path exists:
/etc/e-smith/templates-custom/etc/
The other directories don't exist or are somewhere else so as a result any attempt to save the file from pico returns an error for directory or file does not exist.

Any help appreciated as we are trying to block about 30 IP addresses that keep hammering the server with mail for clients that don't exist and the RBLs check is not picking them up. :cry:

Offline raem

  • *
  • 3,972
  • +4/-0
Re: How to Create Custom Template to Block IP
« Reply #1 on: August 12, 2007, 11:14:11 AM »
netdesignns

Make the directory structure first
mkdir -p /etc/e-smith/templates-custom/etc/rc.d/init.d/masq/
...

netdesignns

How to Create Custom Template to Block IP
« Reply #2 on: August 13, 2007, 04:25:08 PM »
Thanks Ray have got the path OK however when I use the example given for SME 7 I get the following error which indicates that it does not like the protocol or something else after checking help added -p smtp but it still did not like it when restarted so for the following line in the file:
/sbin/iptables/ -A INPUT -s 69.212.12.76/32 -p smtp - j DROP

We get the following error when masq is restarted:
Enabling IP masquerading Bad argument :25
Bad argument :3128
Unknown Protocol smtp
I have left out the references to lookup help which were a bit succint and did not help?
Leaving out the -p smtp does not change the error, changing the mask from 32 to 24 does not change the error.
So I am almost there but I think that there must be something different in this code example for SME 7 and SME 6 to add to the masq rules.
Doing a service masq status does not bring up this rule which it clearly does not like.
Hope you can assist.

Offline raem

  • *
  • 3,972
  • +4/-0
Re: How to Create Custom Template to Block IP
« Reply #3 on: August 13, 2007, 05:49:00 PM »
netdesignns

Quote
/sbin/iptables/ -A INPUT -s 69.212.12.76/32 -p smtp - j DROP


You have really got to be careful when doing these things. You have an extra trailing slash !

/sbin/iptables -A INPUT -s 69.212.12.76/32 -j DROP

Leave out the -p smtp part, you can probably leave out the /32 part too

restart masq using
/etc/init.d/masq restart
...