[Greylist-users] Blacklisting an IP - outside of Greylist
Paul Venezia
pvenezia at jpj.net
Wed Mar 28 07:16:47 PDT 2007
On Mar 28, 2007, at 10:02 AM, Dennis Wynne wrote:
> We have one IP that is really hitting on us, the blocked count in the
> greylist database shows 32,552 blocks since I blacklisted them.
>
> One message snuck through this morning, they hit us so often that
> during the time the daily stop/start of the script was going on the
> message snuck through.
>
> To avoid having to look this number up over and over in the database
> all day and have any mail sneak by in case the script is down for any
> reason, I want to block this IP at the earliest or best spot (least
> overhead for my system) that I can.
>
> Thoughts:
>
> 1) I can put it in the access sendmail "database" with an entry like:
>
> Connect:1.1.1.1 REJECT
>
>
> 2) I can add them to the iptables "firewall" with something like this:
>
> -A RH-Firewall-1-INPUT -s 1.1.1.1 -j REJECT
>
>
> 3) I could get them listed on one of the real-time black lists I use -
> they currently are not listed. This seems the least sure and still has
> high overhead, I would think.
Drop it at the firewall, then nuke them from orbit -- it's the only
way to be sure. My pf smtpblock table currently has 31,383 hosts that
are permanently blocked from talking to TCP/25.
-Paul
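
Added example, not part of the original thread: a small Python helper that turns greylist block counts into firewall entries for the two mechanisms mentioned above (the iptables chain `RH-Firewall-1-INPUT` and a pf table named `smtpblock`). The input row format, the threshold, the `NEVER_BLOCK` list and the function names are assumptions made for illustration, and the sample rows are constructed.

```python
import ipaddress

# Constructed sample rows: (relay IP, blocked count), as might be exported
# from a greylist database. Addresses are documentation ranges.
SAMPLE_ROWS = [
    ("192.0.2.45", 32552),
    ("198.51.100.7", 12),                # below threshold
    ("10.0.0.5", 90000),                 # internal relay, must stay reachable
    ("203.0.113.9 -j ACCEPT", 50000),    # malformed field, not a bare address
]

# Assumption: networks that must never end up in a block list.
NEVER_BLOCK = [ipaddress.ip_network("10.0.0.0/8"),
               ipaddress.ip_network("127.0.0.0/8")]


def offenders(rows, threshold, never_block=NEVER_BLOCK):
    """Return sorted, validated IPv4 addresses at or above the threshold."""
    found = set()
    for raw_ip, count in rows:
        try:
            ip = ipaddress.IPv4Address(raw_ip.strip())
        except ValueError:
            continue  # never copy unparsed text into a firewall rule
        if count >= threshold and not any(ip in net for net in never_block):
            found.add(ip)
    return sorted(found)


def iptables_rules(ips, chain="RH-Firewall-1-INPUT"):
    # -s matches the sender's address; limiting to tcp/25 blocks only SMTP.
    # iptables uses the first matching rule, so these lines must sit above
    # the rule that accepts port 25.
    return [f"-A {chain} -s {ip} -p tcp --dport 25 -j REJECT" for ip in ips]


def pf_table_commands(ips, table="smtpblock"):
    # Adds each address to a pf table; a pf.conf rule such as
    # "block in quick proto tcp from <smtpblock> to any port 25"
    # (assumed here, not shown in the thread) does the actual blocking.
    return [f"pfctl -t {table} -T add {ip}" for ip in ips]


if __name__ == "__main__":
    bad = offenders(SAMPLE_ROWS, threshold=1000)
    print("\n".join(iptables_rules(bad) + pf_table_commands(bad)))
```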