
Exim Blacklist - IP Range

Discussion in 'General Discussion' started by zerokarma, Apr 17, 2010.

  1. zerokarma

    I want to block the IP addresses 209.135.*.* and 64.87.*.* from sending mail to the server. I tried adding it in SpamAssassin initially but it still appears to come through. In WHM can I add 209.135.*.* and 64.87.*.* to the blacklist in order to block it? Is that the correct format in order to block that range?

    I am looking at adding them here:

    Main >> Service Configuration >> Exim Configuration Editor -> Blacklist: Drop connections from defined IP Blocks upon SMTP connection

    Any help would be appreciated.
     
  2. Spiral

    There are about 50 different ways to do that, and many of those are located in Exim directly; however, why not just simply block the connections in your firewall, hosts, or iptables?

    One quick and easy method is just to put the CIDR in /etc/hosts.deny.

    With IPTABLES, you could do something like the following to allow an address to connect for other services but disallow any mail server connections:
    Code:
    iptables -A INPUT -s x.x.x.x/x -p tcp --dport 25 -j REJECT
    
    (Replace x.x.x.x/x with the CIDR range you want to block from access)

    If you just want to block the addresses entirely using the same method which is roughly equivalent to the aforementioned /etc/hosts.deny file:
    Code:
    iptables -A INPUT -s x.x.x.x/x -j DROP
    
    If you are running CSF Firewall, you can just add the CIDR range to /etc/csf/csf.deny or type "csf -d x.x.x.x/x"

    The advantage to blocking these connections from a firewall layer such as IPTABLES or CSF versus the mail server is that the connections are physically blocked before any connection is established, and your mail server isn't bothered with a lot of unnecessary time and effort and socket connections having to answer connections that are going to answer with a rejection message anyway, thus helping reduce loads a bit.
     
  3. zerokarma

    I am still having problems with this and not sure how to fix this to properly block these IP ranges.

    In the /etc/spammeripblocks file I have:

    209.135.x.x
    64.87.x.x
    209.135.
    64.87.

    This doesn't seem to work. I am not sure if I have the correct syntax or not. Does anyone know how it should be entered?

    In the HOSTS.DENY file I have:

    ALL: 209.135.0.0
    ALL: 64.87.0.0

    This also doesn't work; again, I am not sure if I have the correct syntax. How can I correct it if it is work?

    As for IPTABLES, I don't know enough about that, where is that supposed to be added?

    Any help that anyone can give me would be much appreciated.
     
  4. madaboutlinux

    "Spiral" has clearly mentioned all the steps for iptables and CSF, which are recommended as well.

    If the following are the subnets you need to block, using CSF, which is the simplest of them all:

    This will block all the traffic to your server coming from the above 4 subnets.

    OR

    If you don't have CSF installed, you can also use iptables to block just the SMTP connections to your server from these subnets and let requests for other services come in.

    Once you execute the above 4 commands, save the rules

    and then restart iptables once
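
The ranges in this thread are written as wildcards (209.135.*.*), while the iptables and CSF commands quoted above take CIDR notation (x.x.x.x/x). The following shell script is an added example, not part of the original thread: it converts trailing-wildcard patterns to CIDR, refuses patterns that are not one contiguous block, and prints (without executing) the commands in the form Spiral posted. The function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# wildcard_to_cidr "209.135.*.*" prints 209.135.0.0/16; returns 1 on bad input.
wildcard_to_cidr() {
    pattern=$1
    old_ifs=$IFS; IFS=.
    set -f                       # keep "*" literal while splitting on dots
    set -- $pattern
    set +f; IFS=$old_ifs
    [ $# -eq 4 ] || return 1     # "209.135." has only two octets: rejected
    prefix=0 seen_wild=0 addr=
    for octet in "$@"; do
        case $octet in
            '*'|x)               # accept both 209.135.*.* and 209.135.x.x
                seen_wild=1; octet=0 ;;
            ''|*[!0-9]*)
                return 1 ;;
            *)
                # A fixed octet after a wildcard is not a single CIDR block.
                [ "$seen_wild" -eq 0 ] || return 1
                [ "$octet" -le 255 ] || return 1
                prefix=$((prefix + 8)) ;;
        esac
        addr=${addr:+$addr.}$octet
    done
    # Refuse *.*.*.* (0.0.0.0/0), which would block every sender.
    [ "$prefix" -gt 0 ] || return 1
    printf '%s/%s\n' "$addr" "$prefix"
}

# smtp_block_rules PATTERN... prints the port-25 iptables rule and the
# CSF command for each pattern; nothing is applied to the firewall.
smtp_block_rules() {
    for p in "$@"; do
        cidr=$(wildcard_to_cidr "$p") || { echo "invalid range: $p" >&2; return 1; }
        echo "iptables -A INPUT -s $cidr -p tcp --dport 25 -j REJECT"
        echo "csf -d $cidr"
    done
}

# The two ranges from the first post.
smtp_block_rules '209.135.*.*' '64.87.*.*'
```

Review the printed lines before running any of them as root; the iptables line affects only port 25, while `csf -d` blocks the range for all services.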

     