<br><font size=2 face="sans-serif">Best place probably is in your MTA.
</font>
<br>
<br><font size=2 face="sans-serif">If you're using sendmail, it's easy:
edit your /etc/mail/access file to add a line like this: </font>
<br>
<br><font size=2 face="sans-serif">IPaddress-or-left-substring-of-IPaddress<tab>REJECT</font>
<br><font size=2 face="sans-serif">or, if you want to get more fancy, </font>
<br><font size=2 face="sans-serif">IPaddress-or-left-substring-of-IPaddress<tab>ERROR:.5.7.1:"500
Send mail to <address> if you think your mail was rejected in error."</font>
<br>
<br><font size=2 face="sans-serif">(You'll want to be root, or to be in
a group that has write access to the files involved. If you're </font>
<br><font size=2 face="sans-serif"> using the "send mail to"
form, you'll have to whitelist <address> in your access file.)</font>
<br>
<br><font size=2 face="sans-serif">Examples: if you want to reject mail
from everyone in 38.0.0.0/8</font>
<br>
<br><font size=2 face="sans-serif">38 REJECT</font>
<br>
<br><font size=2 face="sans-serif"> everyone
in 211.20/16:</font>
<br><font size=2 face="sans-serif">211.20 REJECT</font>
<br>
<br><font size=2 face="sans-serif"> everyone
in 123.45.6/24:</font>
<br><font size=2 face="sans-serif">123.45.6 REJECT</font>
<br>
<br><font size=2 face="sans-serif"> the
single IP address 78.99.123.4</font>
<br><font size=2 face="sans-serif">78.90.123.4 REJECT</font>
<br>
<br><font size=2 face="sans-serif"> a
single domain-based address:</font>
<br><font size=2 face="sans-serif">mailer.spam-source.com
REJECT</font>
<br>
<br><font size=2 face="sans-serif"> all
the machines in spam-source.com</font>
<br><font size=2 face="sans-serif">spam-source.com
REJECT</font>
<br>
<br><font size=2 face="sans-serif"> all
the machines in the ".biz" domain</font>
<br><font size=2 face="sans-serif">biz REJECT</font>
<br>
<br><font size=2 face="sans-serif">Sendmail doesn't match regular expressions
(REs), or provide a way to block</font>
<br><font size=2 face="sans-serif">based on netblocks other than on octet
boundaries (/8, 16, /24, and /32) and </font>
<br><font size=2 face="sans-serif">dot-delimited pieces of a Fully-Qualified
Domain Name. Other MTAs may permit </font>
<br><font size=2 face="sans-serif">a little more granularity, or match
REs, and so on. </font>
<br>
<br><font size=2 face="sans-serif">Once you've saved the access file, then
you do `makemap hash access<access' </font>
<br><font size=2 face="sans-serif">from the /etc/mail directory. The changes
take effect immediately. </font>
<br>
<br><font size=2 face="sans-serif">Other MTAs, other methods. </font>
<br>
<br><font size=2 face="sans-serif">You can do it in MailScanner, too, but
it's really an MTA function. </font>
<br>
<br><font size=2 face="sans-serif">Mike Andrews<br>
Information Security<br>
Technical Services Division<br>
Oklahoma Dept. of Transportation <br>
mandrews@odot.org</font>
<br>
<br>
<br>
<table width=100%>
<tr valign=top>
<td width=40%><font size=1 face="sans-serif"><b>Rob <rob@THEHOSTMASTERS.COM></b>
</font>
<br><font size=1 face="sans-serif">Sent by: MailScanner mailing list <MAILSCANNER@JISCMAIL.AC.UK></font>
<p><font size=1 face="sans-serif">06/17/2004 10:42 AM</font>
<table border>
<tr valign=top>
<td bgcolor=white>
<div align=center><font size=1 face="sans-serif">Please respond to<br>
MailScanner mailing list <MAILSCANNER@JISCMAIL.AC.UK></font></div></table>
<br>
<td width=59%>
<table width=100%>
<tr>
<td>
<div align=right><font size=1 face="sans-serif">To</font></div>
<td valign=top><font size=1 face="sans-serif">MAILSCANNER@JISCMAIL.AC.UK</font>
<tr>
<td>
<div align=right><font size=1 face="sans-serif">cc</font></div>
<td valign=top>
<tr>
<td>
<div align=right><font size=1 face="sans-serif">Subject</font></div>
<td valign=top><font size=1 face="sans-serif">Probably a stupid question.....</font></table>
<br>
<table>
<tr valign=top>
<td>
<td></table>
<br></table>
<br>
<br>
<br><font size=2 face="Arial">I have been using Mailscanner for a couple
years now, and it works great! Hats off to all coders involved.</font>
<br><font size=3> </font>
<br><font size=2 face="Arial">I install it get a few rulesets from a couple
websites and all works great!</font>
<br><font size=3> </font>
<br><font size=2 face="Arial">But now for the stupid question...</font>
<br><font size=3> </font>
<br><font size=2 face="Arial">I want to be able to simply block all email
coming from one email address or an IP or a block of IPs.</font>
<br><font size=3> </font>
<br><font size=2 face="Arial">Where would I add this? In the whitelist
file? </font>
<br><font size=3> </font>
<br><font size=2 face="Arial">Not to sure...</font>
<br><font size=3> </font>
<br><font size=2 face="Arial">Any help appreciated...</font>
<br><font size=3> </font>
<br><font size=2 face="Arial">:)</font>
<br><font size=3> </font>
<br><font size=2 face="Arial"><br>
Rob....</font>
<br><font size=2 face="Arial"> </font>
<br><font size=3><br>
</font>
<br><font size=3>-------------------------- MailScanner list ----------------------<br>
To leave, send leave mailscanner to </font><a href=mailto:jiscmail@jiscmail.ac.uk><font size=3 color=blue><u>jiscmail@jiscmail.ac.uk</u></font></a><font size=3><br>
Before posting, please see the Most Asked Questions at</font><font size=3 color=blue><u><br>
</u></font><a href=http://www.mailscanner.biz/maq/><font size=3 color=blue><u>http://www.mailscanner.biz/maq/</u></font></a><font size=3>
and the archives at</font><font size=3 color=blue><u><br>
</u></font><a href=http://www.jiscmail.ac.uk/lists/mailscanner.html><font size=3 color=blue><u>http://www.jiscmail.ac.uk/lists/mailscanner.html</u></font></a>
<br>
-------------------------- MailScanner list ----------------------<br>
To leave, send leave mailscanner to <a href="mailto:jiscmail@jiscmail.ac.uk">jiscmail@jiscmail.ac.uk</a><br>
Before posting, please see the Most Asked Questions at<br>
<a href="http://www.mailscanner.biz/maq/">http://www.mailscanner.biz/maq/</a> and the archives at<br>
<a href="http://www.jiscmail.ac.uk/lists/mailscanner.html">http://www.jiscmail.ac.uk/lists/mailscanner.html</a><br>