<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=ISO-8859-1">
<title></title>
</head>
<body text="#000000" bgcolor="#ffffff">
YES!<br>
With the proliferation of noisy virues, autoblocking via IP (either on
server, in MTA, or firewall) is extremely appealing.<br>
<br>
But I like the idea of maintaining an internal DNS RBL instead of
direct updates to access db or firewall rules because we can then be
very flexible in what we chose to do with the "bad" IPs. (i.e. from
RBL we could create firewall rules, reject at MTA, etc) or add to
spamassassin score, etc. <br>
<br>
RBL would make it easy to cooperate with others (via zone transfers?)
and "share the wealth"<br>
<br>
So I am interested if anyone has integrated RBL updates into the
following code? or has other experience integrating RBL updates into
MailScanner.<br>
<br>
1) vispan . I like the stats part of it, I am not sure how it decides
what to block(heuristics?), but it appears to block an IP based on
receipt of a (configurable number) of spams/viruses from that IP in a
day.<br>
<br>
It does direct updates to sendmail access db. I also noticed a bug
that there was a problem under solaris w/ it?<br>
<br>
2)Customconfig.pm with IP Block in Mailscanner<br>
<br>
It has a whitelist, good. <br>
<br>
It ratelimits based on # of messages (an hour?) . It appears to be
configurable based on source IP block (I.E accept 200 messages from a
particular source IP in an IPblock we expect legitimate mail from less
from others. This flexibility would be useful.<br>
<br>
it updates sendmail access db. I saw recent code posted which does
update to iptables?<br>
<br>
3) I emailed to virbl<a class="moz-txt-link-freetext"
href="http://virbl.bit.nl/">http://virbl.bit.nl/</a> - to get their
code and attempt a local RBL from it. their code works with amavis...
has anyone else tried to modify it to use Mailscanner?<br>
<br>
<br>
<br>
Randal, Phil wrote:<br>
<blockquote type="cite"
cite="mid801403078973F243A6A74322E134AF500F2293@mail.herefordshire.gov.uk">
<pre wrap="">Karl M. Joch wrote:
</pre>
<blockquote type="cite">
<pre wrap="">Hello,
I was looking to add a script to automaticly block IPs of
Virus senders in the firewall. Is there any way to run a
script when finding a Virus, or Spam, getting the sender IP
in a variable? All of our servers updates the firewall from a
central point and the blocks are removed every night. This
would help against mass mail viruses alot. I know this can be
dangerous when blocking some ISPs mail server but maybe this
helps that some ISPs blocks some traffic at their servers
too. Finally the ISP mail server will retry to send the
emails for a loger time, but mails from a workstation having
a virus are mostly sent direct and not queued somewhere which
will bring the traffic and the system load for virus scanning down.
</pre>
</blockquote>
<pre wrap=""><!---->
Vispan does this by blocking the virus sender's IP in your
Sendmail "access" file.
See <a class="moz-txt-link-freetext" href="http://www.while.homeunix.net/mailstats/">http://www.while.homeunix.net/mailstats/</a>
Cheers,
Phil
----
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK
-------------------------- MailScanner list ----------------------
To leave, send leave mailscanner to <a class="moz-txt-link-abbreviated" href="mailto:jiscmail@jiscmail.ac.uk">jiscmail@jiscmail.ac.uk</a>
Before posting, please see the Most Asked Questions at
<a class="moz-txt-link-freetext" href="http://www.mailscanner.biz/maq/">http://www.mailscanner.biz/maq/</a> and the archives at
<a class="moz-txt-link-freetext" href="http://www.jiscmail.ac.uk/lists/mailscanner.html">http://www.jiscmail.ac.uk/lists/mailscanner.html</a>
</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="82">--
----
MHO
---
shanna leonard
arizona health sciences library
626-2923
----------------------------------
</pre>
</body>
</html>
-------------------------- MailScanner list ----------------------<br>
To leave, send leave mailscanner to <a href="mailto:jiscmail@jiscmail.ac.uk">jiscmail@jiscmail.ac.uk</a><br>
Before posting, please see the Most Asked Questions at<br>
<a href="http://www.mailscanner.biz/maq/">http://www.mailscanner.biz/maq/</a> and the archives at<br>
<a href="http://www.jiscmail.ac.uk/lists/mailscanner.html">http://www.jiscmail.ac.uk/lists/mailscanner.html</a><br>