[Greylist-users] Blacklisting an IP - outside of Greylist

[Chuck Amadi]

Dennis Wynne wrote:
> We have one IP that is really hitting on us, the blocked count in the 
> greylist database shows 32,552 blocks since I blacklisted them.
>
> One message snuck through this morning, they hit us so often that during the 
> time the daily stop/start of the script was going on the message snuck 
> through.
>
> To avoid having to look this number up over and over in the database all day 
> and have any mail sneak by in case the script is down for any reason, I want 
> to block this IP at the earliest or best spot (lease overhead for my system) 
> that I can.
>
> Thoughts:
>
> 1) I can put it in the access sendmail "database" with an entry like:
>
> Connect:1.1.1.1           REJECT
>
>
> 2) I can add them to the iptables "firewall" with something like this:
>
> -A RH-Firewall-1-INPUT -d 1.1.1.1 -j REJECT
>
>
> 3) I could get them listed on one of the real-time black lists I use - they 
> currently are not listed. This seems the least sure and still has high 
> overhead, I would think.
>
>
> Any other options?
>
> Thanks!
> Dennis
>
>
>
>
> _______________________________________________
> Greylist-users mailing list
> Greylist-users at lists.puremagic.com
> http://lists.puremagic.com/cgi-bin/mailman/listinfo/greylist-users
>
>   
Hi

Just to confirm my iptable chain rule to drop a ip address anywhere is 
below::

On the CLI I run.
iptables -A INPUT -s 58.223.251.3  -p TCP -j DROP
iptables -L

I hope this helps.

-- 
Chuck Amadi
ROK Corporation Limited
Ty ROK,
Dyffryn Business Park,
Llantwit Major Road,
Llandow,
Vale Of Glamorgan.
CF71 7PY
 
Tel: 01446 795 839
Fax: 01446 794 994
International Tel:   +44 1446 795 839

email: chuck.amadi at rokcorp.com

This email is confidential to the addressee only. If you do not believe
that you are the intended recipient, do not pass it on or copy it in any
way. Please delete it immediately.