Blacklist IP Address in Spam Assassin?

Discussion in 'General Discussion' started by urantian, Aug 24, 2009.

  1. urantian

    urantian Well-Known Member

    Joined:
    Jan 26, 2005
    Messages:
    88
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Fayetteville, Arkansas
    cPanel Access Level:
    Root Administrator
    I know how to block domain names in Spam Assassin. However, there is one organization using a block of IP addresses and MANY domains to send spam, which is getting through.

    Is it possible to blacklist specific IP addresses?

    ---Michael
     
  2. Spiral

    Spiral BANNED

    Joined:
    Jun 24, 2005
    Messages:
    2,023
    Likes Received:
    7
    Trophy Points:
    0
    Yes, you can block the IP address in SpamAssassin's configuration and use a blacklist_from to filter out mail from those IP address(es).

    HOWEVER ...

    You would be better off also blocking the IP address(es) from your firewall or as an IPTABLES filter.

    A couple of examples:
    Code:
    # iptables -A INPUT -s x.x.x.x -p tcp --dport 25 -j DROP
    # iptables -A INPUT -s x.x.x.x -j REJECT
    
    You can also have the IPs dropped directly from Exim or set up an RBL / blocklist to filter out the IP addresses.

    You can drop the IP(s) in /etc/hosts.deny.

    Point is that there are dozens of different ways to drop the mail and connections if you know the source IP address.
     
  3. urantian

    urantian Well-Known Member

    Thank you!

    Thank you very much for the list of options.

    ---Michael
     
  4. urantian

    urantian Well-Known Member

    Format for Hosts.Deny?

    I want to use the hosts.deny file to block IP addresses from sending email to my server. This is the format I am using:

    ALL : 69.174.245.

    My intention is to block all IP addresses used by this marketer, such as 69.174.245.95 through 69.174.245.110.

    However, it does not appear to be working, as messages are still coming through. Am I using the wrong format, or the wrong file, to block email?

    Thank you!

    ---Michael
     
  5. Spiral

    Spiral BANNED

    If you are wanting to block a range of IP addresses, hosts.deny is really the wrong choice!

    I would block a CIDR range with IPTABLES for that ...
    Code:
    iptables -A INPUT -s 69.174.245.95/32 -p tcp --dport 25:26 -j DROP
    iptables -A INPUT -s 69.174.245.96/29 -p tcp --dport 25:26 -j DROP 
    iptables -A INPUT -s 69.174.245.104/30 -p tcp --dport 25:26 -j DROP
    iptables -A INPUT -s 69.174.245.108/31 -p tcp --dport 25:26 -j DROP
    iptables -A INPUT -s 69.174.245.110/32 -p tcp --dport 25:26 -j DROP
    
    The IP range you gave is part of a larger registered block at Server Beach
    which could be simplified to the following if you want to block the whole block:
    Code:
    iptables -A INPUT -s 69.174.240.0/20 -p tcp --dport 25:26 -j DROP
    
    The above commands will block ONLY incoming mail and will not interfere with any other traffic to or from those addresses.

    If you have CSF or APF, a similar filter could be configured from those firewalls, which are basically just a front end for iptables as well.

    Now for me, I have set up a DNS (RBL) blocklist database and have Exim configured to check IPs against my own RBL database, which gives me total control over adding my own custom block ranges and is very easy to manage, and it works alongside SpamCop and other blocklists out there. You might want to look at something similar.
     
    #5 Spiral, Sep 1, 2009
    Last edited: Sep 1, 2009
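
The CIDR split in post #5 can be derived mechanically instead of by hand. The following is an added example, not part of the original thread: it uses Python's standard `ipaddress` module to turn the range from the question into the same five blocks and rules, and counts how many addresses the wider /20 rule drops beyond the intended 16. The function names are illustrative assumptions.

```python
import ipaddress


def range_to_cidrs(first, last):
    """Return the shortest list of CIDR blocks covering first..last inclusive."""
    lo, hi = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
    # Raises ValueError if the range is reversed (last < first).
    return list(ipaddress.summarize_address_range(lo, hi))


def smtp_drop_rules(networks, ports="25:26"):
    """Render one rule per block, in the same form as the commands in post #5."""
    return [f"iptables -A INPUT -s {net} -p tcp --dport {ports} -j DROP"
            for net in networks]


def collateral(block, first, last):
    """Count addresses a wider block drops beyond the intended range."""
    net = ipaddress.ip_network(block)
    lo, hi = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
    if hi < lo:
        raise ValueError("range is reversed")
    if lo not in net or hi not in net:
        raise ValueError(f"{first}-{last} is not inside {block}")
    return net.num_addresses - (int(hi) - int(lo) + 1)


if __name__ == "__main__":
    # Range and /20 block are the ones quoted in the thread.
    first, last = "69.174.245.95", "69.174.245.110"
    for rule in smtp_drop_rules(range_to_cidrs(first, last)):
        print(rule)  # printed for review only; nothing is applied
    extra = collateral("69.174.240.0/20", first, last)
    print(f"# the /20 rule also drops SMTP from {extra} other addresses")
```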
  6. urantian

    urantian Well-Known Member

    Thank You!

    Thank you, Spiral. That is VERY helpful.

    ---Michael
     
  7. usm2000

    usm2000 Registered

    Joined:
    Sep 28, 2009
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    using IPtables

    Hello,
    I just want to clarify something.
    If I block an IP address using iptables, that will also block any email coming from this IP address?
    Thanks
     