Exim Blacklist - IP Range

[zerokarma]

I want to block the IP addresses 209.135.*.* and 64.87.*.* from sending mail to the server. I tried adding it in spamassassin initially but it still appears to come through. In WHM can I add 209.135.*.* and 64.87.*.* to the blacklist in order to block it? Is that the correct format in order to block that range?

I am looking at adding them here:

Main >> Service Configuration >> Exim Configuration Editor -> Blacklist: Drop connections from defined IP Blocks upon SMTP connection

Any help would be appreciated.

[Spiral]

There is about 50 different ways to do that and many of those are located in Exim directly; However, why not just simply block the connections in your firewall, hosts, or iptables?

One quick and easy method is just but the CIDR in /etc/hosts.deny

IPTABLES, you could do something like the following to allow an address to connect for other services but disallow any mail server connections:

Code:

iptables -A INPUT -s x.x.x.x/x -p tcp --dport 25 -j REJECT

(Replace x.x.x.x/x with the CIDR range you want to block from access)

If you just want to block the addresses entirely using the same method which is roughly equivalent to the aforementioned /etc/hosts.deny file:

Code:

iptables -A INPUT -s x.x.x.x/x -j DROP

If you are running CSF Firewall, you can just add the CIDR range to /etc/csf/csf.deny or type "csf -d x.x.x.x/x"

The advantage to blocking these connections from a firewall layer such as IPTABLES or CSF verses the mail server is that the connections are physically blocked before any connection is established and your mail server isn't bothered with a lot of unnecessary time and effort and socket connection having to answer connections that are going to answer with a rejection message anyway thus helping reduce loads a bit.

[zerokarma]

I am still having problems with this and not sure how to fix this to properly block these IP ranges.

In the /etc/spammeripblocks file I have:

209.135.x.x
64.87.x.x
209.135.
64.87.

This doesn't seem to work, I am not sure if I have the correct syntax or not. Does anyone know how it should be entered?

In the HOSTS.DENY file I have:

ALL: 209.135.0.0
ALL: 64.87.0.0

This also doesn't work, again I am not sure if I have the correct syntax? How can I correct it if it is work?

As for IPTABLES, I don't know enough about that, where is that supposed to be added?

Any help that anyone can give me would be much appreciated.

[madaboutlinux]

"Spiral" have clearly mentioned all the steps about iptables and CSF and which are recommended as well.

It these following are the subnets you need to block, using CSF which is most simplest of them all:

csf -d 209.135.0.0/16
csf -d 64.87.0.0/16
csf -d 209.135.0.0/16
csf -d 64.87.0.0/16

This will block tall the traffic to your server coming from the above 4 subnets.

OR

If you don't have CSF installed, you can also use iptables to block just the SMTP connections to your server from these subnets and let request for other services comes in.

iptables -A INPUT -s 209.135.0.0/16 -p tcp --dport 25 -j REJECT
iptables -A INPUT -s 64.87.0.0/16 -p tcp --dport 25 -j REJECT
iptables -A INPUT -s 64.87.0.0/16 -p tcp --dport 25 -j REJECT
iptables -A INPUT -s 64.87.0.0/16 -p tcp --dport 25 -j REJECT

Once you execute the above 4 commands, save the rules

service iptables save

and then restart iptables once

service iptables restart