blocking an email based on it's IP

Antony Stone Antony at SOFT-SOLUTIONS.CO.UK
Mon Sep 1 17:07:29 IST 2003


On Monday 01 September 2003 4:45 pm, Spicer, Kevin wrote:

> John Williams wrote:
> > Please forgive me if I've missed this post, but is there a way to
> > look at the IP address of incoming mail and filter/blacklist it based
> > on that?
>
> Add it to sendmails access database.  However, maybe you also have genuine
> email from that IP?   Best way to block sobig is to use sendmail subject
> matching, search the archives for a set of rules.

Unlikely you'll get genuine mail from that IP address, because Sobig sends
directly from infected client to (low priority) MX listed mail server,
bypassing client's normal outbound mail server.

Genuine emails from that client should go via the client's local (or ISP)
mail server first, so you won't end up blocking them.

Antony.

--

In science, one tries to tell people
in such a way as to be understood by everyone
something that no-one ever knew before.

In poetry, it is the exact opposite.

 - Paul Dirac



More information about the MailScanner mailing list