I'm running a Red Hat ES mail server (Postfix, Amavis, ClamAV), which has been barraged lately by the Zafi worm.
Messages arrive from "firstname.lastname@example.org" and one of three (so far) IP numbers.
My hosts.deny file looks like this:
But these settings appear to have no effect (I restarted xinetd and have in fact rebooted since changing settings).
I have an AT&T managed router and have had them deny the first two IPs, but almost immediately messages began to appear from a third. I'd like to be able to take care of the denial on the server rather than the router (just to avoid needing to bug the AT&T people).
Would appreciate any suggestions. I've never had to deny a host access before and feel like I'm missing something terribly obvious. Points are based on some urgency.