Thread: Blacklisting spammer IP

  1. #1

    Blacklisting spammer IP

    I have been trying to have Zimbra reject any mail from one particular spammer's IP (72.248.133.133), from where we receive close to 100 messages a day, but haven't had much luck so far. This is somehow not listed on any of the RBLs we use (see below).

    The spammer keeps changing the DNS A and MX records daily, but the IP is the same... so far.

    Here's what I tried -
    1. Created an access file /opt/zimbra/conf/maps/access with the first three octets of the reject IP
    Code:
    72.248.133      554
    2. Ran postmap to create the hash db
    Code:
    postmap /opt/zimbra/conf/maps/access
    3. Then ran the following to update the zimbra config (see last line)
    Code:
    zmprov mcf \
    zimbraMtaRestriction reject_invalid_hostname \
    zimbraMtaRestriction reject_non_fqdn_hostname \
    zimbraMtaRestriction reject_non_fqdn_sender \
    zimbraMtaRestriction reject_unknown_sender_domain \
    zimbraMtaRestriction "reject_rbl_client dnsbl.njabl.org" \
    zimbraMtaRestriction "reject_rbl_client cbl.abuseat.org" \
    zimbraMtaRestriction "reject_rbl_client bl.spamcop.net" \
    zimbraMtaRestriction "reject_rbl_client dnsbl.sorbs.net" \
    zimbraMtaRestriction "reject_rbl_client sbl.spamhaus.org" \
    zimbraMtaRestriction "reject_rbl_client relays.mail-abuse.org" \
    zimbraMtaRestriction "check_client_access hash:/opt/zimbra/conf/maps/client_access"
    Zimbra is still not rejecting the client IP starting with 72.248.133, and the logs show mails being accepted.

    Upon looking into /opt/zimbra/postfix/conf/main.cf, I see all of the restrictions added, except the check_client_access restriction.

    Should I be adding this manually to the main.cf file? But that will get overwritten if I run a zmprov mcf command later.

    Any help is greatly appreciated!

  2. #2

    Maybe (maybe!) I'm totally wrong, but have you tried adding that IP to the /etc/hosts.deny file?
    In that way you would deny all connections from that IP.

  3. #3

    Originally posted by tommy:
    Maybe (maybe!) I'm totally wrong, but have you tried adding that IP to the /etc/hosts.deny file?
    In that way you would deny all connections from that IP.

    Thanks Tommy, I will give it a try.

    Another option is to have a rule in my firewall to drop any packets from the particular IP/subnet... but I would rather like to maintain all this stuff in the MTA layer -- just for easier maintainability.
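
An added example, not part of the original thread: a Python check of two things the steps in post #1 depend on, namely that the map named in check_client_access is the file postmap was run on, and that the client IP matches an entry under the access(5) rule of stripping trailing octets from the address. It models only the IPv4 address lookup (Postfix also tries the client hostname first); the function names are hypothetical and the paths, IP and map entry are copied from post #1.

```python
import ipaddress

# Values copied from post #1; the structure of this check is an assumption.
ACCESS_SOURCE = "72.248.133      554\n"
BUILT_MAP = "/opt/zimbra/conf/maps/access"  # file that postmap was run on
RESTRICTION = "check_client_access hash:/opt/zimbra/conf/maps/client_access"

def parse_access_map(text):
    """Parse access(5) source lines into {key: action}; skip blanks and comments."""
    table = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError(f"entry has no action: {line!r}")
        table[parts[0].lower()] = parts[1].strip()
    return table

def client_lookup_keys(ip):
    """IPv4 keys in the order Postfix tries them: full address, then shorter networks."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return [".".join(octets[:n]) for n in range(4, 0, -1)]

def match_client(ip, table):
    """Return (key, action) for the first key that matches, or None."""
    for key in client_lookup_keys(ip):
        if key in table:
            return key, table[key]
    return None

def restriction_map_path(restriction):
    """Split 'check_client_access type:/path' into (type, path)."""
    name, _, target = restriction.partition(" ")
    map_type, sep, path = target.strip().partition(":")
    if name != "check_client_access" or not sep:
        raise ValueError(f"not a check_client_access restriction: {restriction!r}")
    return map_type, path

def audit(restriction, built_map, ip, source_text):
    """Return (problems, match) for one client IP against one access map."""
    problems = []
    _, path = restriction_map_path(restriction)
    if path != built_map:
        problems.append(f"restriction reads {path} but postmap built {built_map}")
    match = match_client(ip, parse_access_map(source_text))
    if match is None:
        problems.append(f"{ip} matches no entry in the access map")
    return problems, match

if __name__ == "__main__":
    print(audit(RESTRICTION, BUILT_MAP, "72.248.133.133", ACCESS_SOURCE))
```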
