How to block IP to not recieve mail from it.

Discuss our MailScanner install script and MailScanner itself
Post Reply
nabuhonodozor
Junior Member
Posts: 48
Joined: 29 Oct 2007, 07:01

How to block IP to not recieve mail from it.

Post by nabuhonodozor »

Hi,
Since months I am getting big number of viruses from one particulary IP - 87.89.106.214.
I would like to block it permamently so no email from this IP will be processed by my server at all.
Ive tried method described here -
http://www.configserver.com/techfaq/faq ... =18&page=2

This is case for whitelists, but I thought there will be the same way for blacklist aswell, but I cannot find /etc/exim_deny_whitelist file at all. There wasn't also a file for blacklist.

My question is: how to block certain IP from sending me emails?

Best regards,
Piotr
ckh
Junior Member
Posts: 147
Joined: 10 Dec 2006, 15:35

Post by ckh »

You can add it to the quick deny in the WHM CSF interface which would block it from everything on your server.

If you are just wanting to block it from email, you can create text file and in it put:

d=25:s=87.89.106.214

This is saying it will block the IP on port 25.

Upload the file somewhere that is web accessible and in the CSF configuration, update your GLOBAL_DENY to point to the file. IE http://yourdomain.com/deny.txt

This is what I'm doing and the file is then available for all my servers, not just one. That way if I make any changes to it all the servers are updated from the one change.
nabuhonodozor
Junior Member
Posts: 48
Joined: 29 Oct 2007, 07:01

Post by nabuhonodozor »

Thank You ckh,
I thought that putting IP into CSF wont block it from sending mail but Ill try it. Idea with file is really great.
Maybe we, as a CSF users , should build and maintained such a list? Daily I am having many hacking attempts and my list grows every day.
Maybe WE should collect those blicked IP along with reasons why those IP was banned and start to create an list. Such a list should be then freely available.
Such a list shoud be purge quite often and should be act as a quick reaction to hacker activity. We have dshield and other list but they are quite slow with updating new IP's.
I can host and cares about updates. what do You think?
best regards,
Piotr
Sarah
Moderator
Posts: 934
Joined: 09 Dec 2006, 22:49

Post by Sarah »

If you're running a recent version of cPanel 11, you can also block sending IPs at exim using the Blacklist in the WHM Exim Configuration Editor under the Access Lists section. Click edit to add IP addresses to the blacklist. This will only block their SMTP connections and will not affect anything else.

It's not possible to block an IP address completely in MailScanner, only to always mark mail from an IP address or sender as spam, but the mail will still be processed by MailScanner.
Post Reply