Probably a stupid question.....

Thu Jun 17 17:08:24 IST 2004

Best place probably is in your MTA.

If you're using sendmail, it's easy: edit your /etc/mail/access file to
add a line like this:

IPaddress-or-left-substring-of-IPaddress<tab>REJECT
or, if you want to get more fancy,
IPaddress-or-left-substring-of-IPaddress<tab>ERROR:.5.7.1:"500 Send mail
to <address> if you think your mail was rejected in error."

(You'll want to be root, or to be in a group that has write access to the
files involved. If you're
 using the "send mail to" form, you'll have to whitelist <address> in your
access file.)

Examples: if you want to reject mail from everyone in 38.0.0.0/8

38      REJECT

        everyone in 211.20/16:
211.20  REJECT

        everyone in 123.45.6/24:
123.45.6        REJECT

        the single IP address 78.99.123.4
78.90.123.4     REJECT

        a single domain-based address:
mailer.spam-source.com  REJECT

        all the machines in spam-source.com
spam-source.com REJECT

        all the machines in the ".biz" domain
biz     REJECT

Sendmail doesn't match regular expressions (REs), or provide a way to
block
based on netblocks other than on octet boundaries (/8, 16, /24, and /32)
and
dot-delimited pieces of a Fully-Qualified Domain Name. Other MTAs may
permit
a little more granularity, or match REs, and so on.

Once you've saved the access file, then you do `makemap hash
access<access'
from the /etc/mail directory. The changes take effect immediately.

Other MTAs, other methods.

You can do it in MailScanner, too, but it's really an MTA function.

Mike Andrews
Information Security
Technical Services Division
Oklahoma Dept. of Transportation
mandrews at odot.org

Rob <rob at THEHOSTMASTERS.COM>
Sent by: MailScanner mailing list <MAILSCANNER at JISCMAIL.AC.UK>
06/17/2004 10:42 AM
Please respond to
MailScanner mailing list <MAILSCANNER at JISCMAIL.AC.UK>

To
MAILSCANNER at JISCMAIL.AC.UK
cc

Subject
Probably a stupid question.....

I have been using Mailscanner for a couple years now, and it works great!
Hats off to all coders involved.

I install it get a few rulesets from a couple websites and all works
great!

But now for the stupid question...

I want to be able to simply block all email coming from one email address
or an IP or a block of IPs.

Where would I add this? In the whitelist file?

Not to sure...

Any help appreciated...

:)

Rob....

-------------------------- MailScanner list ----------------------
To leave, send leave mailscanner to jiscmail at jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/ and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail at jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040617/eb609176/attachment.html