
iptables

Discussion in 'General Discussion' started by Express, May 1, 2003.

  1. Express

    We run this script from SSH when we want to ban an IP from the server.

    iptables -I INPUT -s xxx.xxx.x.xxx -j DROP

    We need to remove the ones we have added. We used that command to ban 4 IPs; now we want to remove them from the iptables ban list.
    What command would we use to first look at all IPs banned on the server?

    Second, how do we remove an IP from the ban list?

    I have blocked this IP, 192.168.0.237. Since it is in the block below, does that mean the entire block is banned?

    This is the IP that cannot get to the site: 192.168.2.103

    If I look under iptables with this command, iptables -L INPUT -v, I see this:
    DROP all -- 192.168.0.237 anywhere


    NetRange: 192.168.0.0 - 192.168.255.255
    CIDR: 192.168.0.0/16
    NetName: IANA-CBLK1
    NetHandle: NET-192-168-0-0-1
    Parent: NET-192-0-0-0-0
    NetType: IANA Special Use
    NameServer: BLACKHOLE-1.IANA.ORG
    NameServer: BLACKHOLE-2.IANA.ORG
    Comment: This block is reserved for special purposes.
    Comment: Please see RFC 1918 for additional information.
     
    #1 Express, May 1, 2003
    Last edited: May 1, 2003
  3. Express

    Here is the problem. I have a spammer that is sending emails to everyone on the server. I need to somehow reject his domain name from the server. I cannot reject the IP because he is in a block of IPs that other users use, so I need to block only his domain name.

    Any ideas?
     
  4. Website Rob

    Here's one:

    /etc/spammers

    problemdomain.com


    By using neither an IP address nor a 'full' email address, any email from that domain only will be rejected by Exim -- presuming you are using WHM/cPanel, of course. ;)
     
  5. Express

    Our good friend from Spain showed us this.

    Open /etc/exim.conf
    OK, look for the following line:

    #sender_host_reject = +allow_unknown:lsearch*;/etc/spammers

    don't modify it, just add the following line below:

    host_reject = *.enflyer.com


    restart Exim:

    /etc/rc.d/init.d/exim restart

    and that's it.
     
  6. marius

    If I wanna block a sender's IP address, by adding
    host_reject=123.45.67.89 will this block all emails from that particular IP address?

    If not, how can I block an IP address?

    Another question: if I add
    host_reject=IP 554 This server is used for SPAM
    will this return the message to the sender?

    I'm interested in blocking the IP address and announcing to the users of that server that the machine they have accounts on is used for SPAM (by the owner).


    regards,
     
    #6 marius, May 30, 2003
    Last edited: May 30, 2003
  7. cbwass

    If you want to block access to your server for whatever reason, you will need to log into the shell as root. Your server should have either ipchains or iptables to help accomplish this. In this example, the attacking IP is 192.168.56.210.

    Type:
    iptables -A INPUT -s 192.168.56.210/32 -j DROP
    If you just want to block access to one port from an IP:
    iptables -A INPUT -s 192.168.56.210/32 -p tcp --destination-port 23 -j DROP
    The above would drop all packets from 192.168.56.210/32 to port 23 (telnet) on the server. There are many in-depth tutorials available on the internet; search google.com for some more information on it.
    ------------------------------------
    UNBLOCK:

    iptables -L INPUT -n --line-numbers
    This will list your current ruleset in INPUT.

    The line-numbers argument to iptables will help you find the number of each rule, so you can delete it easily with:
    iptables -D INPUT <RULENUMBER>
    -------------------------------------
    REJECT DOMAIN:

    open /etc/exim.conf
    ok, look for the following line

    #sender_host_reject = +allow_unknown:lsearch*;/etc/spammers

    don't modify it, just add the following line below:

    host_reject = *.enflyer.com

    cPanel.net Support Ticket Number:
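
The listing and unblock steps in the post above, together with the first post's question about whether one banned address bans its whole block, as an added Python example that is not part of the thread. The listing text is constructed sample output of `iptables -L INPUT -n --line-numbers` (including a constructed /24 rule), and the function names are hypothetical.

```python
import ipaddress

# Constructed sample of `iptables -L INPUT -n --line-numbers` output (not from a real host).
SAMPLE = """\
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    DROP       all  --  192.168.0.237        0.0.0.0/0
2    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22
3    DROP       tcp  --  192.168.56.210       0.0.0.0/0            tcp dpt:23
4    DROP       all  --  192.168.2.0/24       0.0.0.0/0
5    DROP       all  --  192.168.56.210       0.0.0.0/0
"""

def parse_rules(listing):
    """Return (num, target, proto, source_network, extra) for each numbered rule line."""
    rules = []
    for line in listing.splitlines():
        f = line.split()
        if len(f) < 6 or not f[0].isdigit():
            continue  # skip the "Chain ..." line and the column header
        # A bare address is a /32; a negated source ("!addr") raises ValueError
        # here instead of being silently misread as a plain match.
        src = ipaddress.ip_network(f[4], strict=False)
        rules.append((int(f[0]), f[1], f[2], src, " ".join(f[6:])))
    return rules

def drops_matching(rules, address):
    """DROP rules whose source covers `address`, including port-limited ones."""
    ip = ipaddress.ip_address(address)
    return [r for r in rules if r[1] == "DROP" and ip in r[3]]

def delete_commands(rules, address):
    """`iptables -D` commands for those rules, highest rule number first.

    Deleting rule N renumbers every rule below it, so working from the
    bottom of the chain upwards keeps the remaining numbers valid.
    """
    nums = sorted((r[0] for r in drops_matching(rules, address)), reverse=True)
    return [f"iptables -D INPUT {n}" for n in nums]

if __name__ == "__main__":
    rules = parse_rules(SAMPLE)
    for addr in ("192.168.0.237", "192.168.2.103", "192.168.56.210", "192.168.9.9"):
        hits = [(r[0], str(r[3]), r[4] or "all ports") for r in drops_matching(rules, addr)]
        print(addr, hits, delete_commands(rules, addr))
```

In the sample, the single-address rule for 192.168.0.237 does not match 192.168.2.103; only the constructed /24 rule does, which is the difference between banning one host and banning a block.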
     
  8. marius

    cbwass

    Well.. I found out that adding host_reject=12.34.56.78 will stop all the emails from the machine with this IP address. I don't want to stop the machine accessing my server.. just to stop the email from it.

    This will do ... for now. What I was looking for is a solution to alert the clients on that particular machine that the owner of the machine is using the server for sending ucm.

    Something like in postfix, where you can add the domain or the ip you want to reject..

    eg.
    12.34.56.78 554 This machine is used for SPAM!

    this will return to the sender the error with the message.
     
  9. Host4u2

    Changes to /etc/exim.conf

    NOTE:
    You must make changes via your WHM/Exim Configuration Editor/Advanced Mode, otherwise, your changes will be over-written the next time you upgrade.
     
  10. justhost

    If we run something like :

    iptables -A INPUT -s XXX.XX.XX.XXX/32 -j DROP

    Will this also boot the IP from the server?

    Thank you.
     
  11. IPSecureNetwork

    Use the APF firewall (Advanced Policy Firewall)..
    It just takes a few seconds to install, and it manages the iptables rules.

    You can insert a rule like deny all to and from the IP xxx.xxx.xxx.xxx
    and then you can remove it if you want with a little command.

    You can add CIDR blocks too, like xxx.xxx.xxx.xxx/24

    This bans xxx.xxx.xxx.0 to xxx.xxx.xxx.255

    I hope that helps you.
     
  12. sukil

    Hi,

    I tried it on my server to block a spammer, but when I tried to restart Exim it gave an error saying unknown parameter host_reject. Since your post, has Exim changed the usage of this option? What is the way now to block an IP from sending email only?
     