Blacklisting spammer IP
I have been trying to have Zimbra reject any mail from one particular spammer's IP (188.8.131.52), from where we receive close to 100 messages a day, but haven't had much luck so far. This is somehow not listed on any of the RBLs we use (see below).
The spammer keeps changing the DNS A and MX records daily, but the IP is the same... so far.
Here's what I tried -
1. Created an access file /opt/zimbra/conf/maps/access with the first three octets of the reject IP
2. Ran postmap to create the hash db
3. Then ran the following to update the zimbra config (see last line)
Zimbra is still not rejecting the client IP starting with 72.248.133, and the logs show mails being accepted.
zmprov mcf \
zimbraMtaRestriction reject_invalid_hostname \
zimbraMtaRestriction reject_non_fqdn_hostname \
zimbraMtaRestriction reject_non_fqdn_sender \
zimbraMtaRestriction reject_unknown_sender_domain \
zimbraMtaRestriction "reject_rbl_client dnsbl.njabl.org" \
zimbraMtaRestriction "reject_rbl_client cbl.abuseat.org" \
zimbraMtaRestriction "reject_rbl_client bl.spamcop.net" \
zimbraMtaRestriction "reject_rbl_client dnsbl.sorbs.net" \
zimbraMtaRestriction "reject_rbl_client sbl.spamhaus.org" \
zimbraMtaRestriction "reject_rbl_client relays.mail-abuse.org" \
zimbraMtaRestriction "check_client_access hash:/opt/zimbra/conf/maps/client_access"
Upon looking into /opt/zimbra/postfix/conf/main.cf, I see all of the restrictions added, except the check_client_access restriction.
Should I be adding this manually to the main.cf file? But that will get overwritten if I run a zmprov mcf command later.
Any help is greatly appreciated!
Maybe (maybe!) I'm totally wrong, but have you tried adding that IP to the /etc/hosts.deny file?
In that way you would deny all connections from that IP. :)
Thanks Tommy, I will give it a try.
Originally Posted by tommy
Another option is to have a rule in my firewall to drop any packets from the particular IP/subnet... but I would rather like to maintain all this stuff in the MTA layer -- just for easier maintainability.