Temporarily block virus sender IP address

[gflamerich]

Hi,
Does anyone knows about any way to configure exim with mailscanner to have a temporarily IP address block when sends viruses?
I didn't found any info at this forum, neither at any exim related sites, but found a page at http://www.acme.com/software/blackmilter/ that has a solution for sendmail that seems to be what we are looking for (not for exim ... ).
We would like to reject mails from IPs that sent virus infected messages for an hour or so, with the message that says why the message is rejected.
And if also can be used to stop spammers IPs, could be perfect. We usually received dozens of spam messages from the same source, all to valid addresses, so dictionary attack does not apply.
We analyzed our mail logs and calculate that we can cut reception, and consequently, scanning of virus infected messages to less than 20% if we use 1 hour banning, and almost less than 5% if we ban for 3 or more hours. This maybe isn't the panacea, but we can cut around 10% of messages we are receiving at the moment.
If this can be also set to block spammers IP's, numbers are not so impressive, but seems to be between a reduction of 15 and 20% within the same IP for 2 hours, for longer periods of time, remains around 25%. Same here, we can cut almost 10% of messages we receive at the moment.
This two measures, can represent 20% less of messages (garbage) we need to deal with.

Thanks for any comment and suggestions.
Gustavo

[chirpy]

Gustavo,

You can do that with our front-end (which I believe you have) under WHM > MailScanner > Front-End Settings > Block virus senders (using exim_deny) > yes

[gflamerich]

Gustavo,

You can do that with our front-end (which I believe you have) under WHM > MailScanner > Front-End Settings > Block virus senders (using exim_deny) > yes

No, I don't have it, but if your package do so, I'll buy it right know
Can you also set how long do you want the keep the block?

Thanks Chirpy


I just came from your site, and didn't find that info, is there any place we can see what and how we can configure that blocking?

[chirpy]

There's nothing much to see as the option is simply a yes or no toggle. The amount of time a block exists for is the same as the crontab that is setup to clear down the exim_deny file, which is usually a rotating hour. If you want to lengthen that time it's a simple matter of running the cron entry at a different interval.

Anyway, if you'd like to discuss this further, please contact us on our site.