SpamBlocker

bclancey

I am trying to manually add offending IPs to the "bad_sender_hosts" files allowed under the new version of SpamBlocker.
From the exim mainlog I have the following record for a dictionary attack spammer:

H=(64.180.142.190) [211.204.198.134] P=smtp

Which IP address would be detected and acted upon by SpamBlocker? Should I enter both or just the first IP or just the second IP?


Additionally,

How can I tell the "bad_sender_hosts" file is being used? When I change it, does EXIM need to be reloaded?
 
bclancey said:
> I am trying to manually add offending IPs to the "bad_sender_hosts" files allowed under the new version of SpamBlocker.
> From the exim mainlog I have the following record for a dictionary attack spammer:
>
> H=(64.180.142.190) [211.204.198.134] P=smtp
>
> Which IP address would be detected and acted upon by SpamBlocker? Should I enter both or just the first IP or just the second IP?

The one in the square brackets "[" and "]" is the real IP#. The one in the parentheses "(" and ")" is spoofed, and may even be your own server (all the similar entries in my rejectlog are my server). Always block on the entry within the square brackets, in this case 211.204.198.134, but DO NOT include the brackets.

> How can I tell the "bad_sender_hosts" file is being used? When I change it, does EXIM need to be reloaded?

You can look for entries in /var/log/exim/rejectlog that block the IP#s you're entering, but not finding any doesn't mean it's not working; only that no emails have been attempted from that IP# since you added it.

You do not have to reload exim, but if you do, it'll start working immediately; if not, it will take a short but indeterminate amount of time before it starts working.

Jeff
 
Thank you for your advice. Unfortunately, I do not seem to be able to get the code in the latest SpamBlocker version to run on my install. I am at the latest patch level for DA.
For whatever reason, I needed to change the exim acl code from
hosts = +bad_sender_hosts
to the following:

condition = ${lookup{$sender_host_address}lsearch{/etc/virtual/bad_sender_hosts}{true}{false}}
 
bclancey said:
> Thank you for your advice. Unfortunately, I do not seem to be able to get the code in the latest SpamBlocker version to run on my install. I am at the latest patch level for DA.
> For whatever reason, I needed to change the exim acl code from to the following:

Can you tell me who gave you that code?

Did s/he explain why you had to switch to it?

Jeff
 
Can you block a range of IPs like iptables or an .htaccess file?

Example:

211.249.115.169 is spamming my users. Unfortunately Spamblocker isn't catching it. This IP is from Korea, I have no need to receive email from Korea....

So, how about blocking 211.249.115. or even 211.249. ? etc....
 
Spamblocker is a simple match, and whitelists don't match ranges.

However there's no reason why you can't do the blocking in iptables, kiss or apf, or in deny.hosts.

I won't go into why you shouldn't blocklist entire countries, but there are lots of good reasons.

Jeff
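
As an added example that is not part of the thread or of SpamBlocker itself: a short Python script that pulls the bracketed connecting address (not the HELO name in parentheses) out of exim mainlog lines and compares it against a block list by exact key, the way the lsearch condition posted above does. The sample log lines, the list contents, the function names and the threshold of 3 hits are assumptions made for the illustration; only IPv4 is handled.

```python
import re
from collections import Counter

# Exim logs the client-supplied HELO name in parentheses and the connecting
# peer in square brackets. Forms: H=(helo) [ip], H=name (helo) [ip], H=[ip].
HOST_RE = re.compile(
    r"\bH=(?:[^\s(\[]\S* )?(?:\((?P<helo>[^)]*)\) )?\[(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\]"
)

def peers(log_lines):
    """Yield (peer_ip, helo) for every line carrying an H= field (IPv4 only)."""
    for line in log_lines:
        m = HOST_RE.search(line)
        if m:
            yield m.group("ip"), m.group("helo")

def load_keys(list_text):
    """Exact-match keys: first token of each line, blanks and # comments skipped."""
    keys = set()
    for raw in list_text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            keys.add(re.split(r"[:\s]", line, maxsplit=1)[0])
    return keys

def triage(log_lines, list_text, threshold=3):
    """Return (listed, candidates): peer IP -> hit count, split by list membership."""
    keys = load_keys(list_text)
    hits = Counter(ip for ip, _ in peers(log_lines))
    listed = {ip: n for ip, n in hits.items() if ip in keys}
    candidates = {ip: n for ip, n in hits.items() if ip not in keys and n >= threshold}
    return listed, candidates

# Constructed sample data, not a real log: timestamps and example.* names are
# made up; the 211.* and 64.* addresses are the ones quoted in the thread.
_REJ = "2004-05-19 10:00:00 H=%s F=<x@example.com> rejected RCPT <user%d@example.org>"
SAMPLE_LOG = (
    [_REJ % ("(64.180.142.190) [211.204.198.134]", i) for i in range(3)]
    + [_REJ % ("(mail.example.org) [211.249.115.169]", i) for i in range(3)]
    + [_REJ % ("mx.example.net (mx.example.net) [192.0.2.25]", 0)]
)
SAMPLE_LIST = """\
# hypothetical contents of /etc/virtual/bad_sender_hosts
211.204.198.134
211.249.115.
"""

if __name__ == "__main__":
    print("listed: %s, candidates: %s" % triage(SAMPLE_LOG, SAMPLE_LIST))
```

With the sample data, 211.249.115.169 is reported as a candidate even though the list contains `211.249.115.`, because an exact-key comparison does not treat that entry as a prefix.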
 