The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Temporarily block virus sender IP address

Discussion in 'General Discussion' started by gflamerich, Nov 2, 2005.

  1. gflamerich

    gflamerich Well-Known Member

    Joined:
    Jul 21, 2003
    Messages:
    122
    Likes Received:
    0
    Trophy Points:
    16
    Hi,
    Does anyone knows about any way to configure exim with mailscanner to have a temporarily IP address block when sends viruses?
    I didn't found any info at this forum, neither at any exim related sites, but found a page at http://www.acme.com/software/blackmilter/ that has a solution for sendmail that seems to be what we are looking for (not for exim ... :( ).
    We would like to reject mails from IPs that sent virus infected messages for an hour or so, with the message that says why the message is rejected.
    And if also can be used to stop spammers IPs, could be perfect. We usually received dozens of spam messages from the same source, all to valid addresses, so dictionary attack does not apply.
    We analyzed our mail logs and calculate that we can cut reception, and consequently, scanning of virus infected messages to less than 20% if we use 1 hour banning, and almost less than 5% if we ban for 3 or more hours. This maybe isn't the panacea, but we can cut around 10% of messages we are receiving at the moment.
    If this can be also set to block spammers IP's, numbers are not so impressive, but seems to be between a reduction of 15 and 20% within the same IP for 2 hours, for longer periods of time, remains around 25%. Same here, we can cut almost 10% of messages we receive at the moment.
    This two measures, can represent 20% less of messages (garbage) we need to deal with.

    Thanks for any comment and suggestions.
    Gustavo
     
  2. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Gustavo,

    You can do that with our front-end (which I believe you have) under WHM > MailScanner > Front-End Settings > Block virus senders (using exim_deny) > yes
     
  3. gflamerich

    gflamerich Well-Known Member

    Joined:
    Jul 21, 2003
    Messages:
    122
    Likes Received:
    0
    Trophy Points:
    16
    No, I don't have it, but if your package do so, I'll buy it right know :)
    Can you also set how long do you want the keep the block?

    Thanks Chirpy


    I just came from your site, and didn't find that info, is there any place we can see what and how we can configure that blocking?
     
    #3 gflamerich, Nov 3, 2005
    Last edited: Nov 3, 2005
  4. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    There's nothing much to see as the option is simply a yes or no toggle. The amount of time a block exists for is the same as the crontab that is setup to clear down the exim_deny file, which is usually a rotating hour. If you want to lengthen that time it's a simple matter of running the cron entry at a different interval.

    Anyway, if you'd like to discuss this further, please contact us on our site.
     
Loading...

Share This Page