suzdorr
asked on
hosts.deny apparently ineffectual
I'm running a RedHat ES mail server (Postfix, Amavis, ClamAV), which has been barraged lately by the Zafi worm.
Messages arrive from "you@yourname.com" and one of three (so far) IP numbers.
My hosts.deny file looks like this:
ALL: 66.232.193.238
ALL: 66.232.196.58
ALL: 66.232.192.205
ALL: yourname.com
But these settings appear to have no effect (I restarted xinetd and have in fact rebooted since changing settings).
I have an AT&T managed router and have had them deny the first two IPs, but almost immediately messages began to appear from a third. I'd like to be able to take care of the denial on the server rather than the router (just to avoid needing to bug the AT&T people).
Would appreciate any suggestions. I've never had to deny a host access before and feel like I'm missing something terribly obvious. Points are based on some urgency.
Thank you!
ASKER
Good information, ahoffman. Don't think it'll be my solution, unfortunately.
Amavisd gets the mail first and does virus and spam checking before sending it on to Postfix. I'd like the mail rejected from the outset, since the whole process of virus scanning, message bouncing, and administrative notification consumes so much server time and log space. (I'm getting a Zafi message every few seconds -- so my log is full of this junk.)
I've put the IP number and name in my Amavisd blacklist, but that seems to have no effect. Now that I know hosts.deny has no effect (thanks!) I'll do some further study of amavisd.conf to see what I might have missed. If anyone has any thoughts about that, I'd be grateful.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
You need to tell postfix from which IPs to accept mail
smtpd_recipient_restrictio
smtpd_helo_restrictions
smtpd_client_restrictions
smtpd_helo_required
and some more are your friends ..
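
A sketch of the Postfix-side blocking the answer above points to, as an added example that is not part of the original thread. The map file names under /etc/postfix are assumptions, and smtpd_sender_restrictions is a standard Postfix parameter that the answer does not list; the addresses and the domain are the ones from the question.

```cfg
# ---- /etc/postfix/main.cf (fragment) ----
# Require HELO/EHLO before MAIL FROM, so clients that skip the
# greeting are turned away early.
smtpd_helo_required = yes

# Look up the connecting client (IP address or hostname) in a local
# table. A REJECT result refuses the mail inside the SMTP dialogue,
# before the message body is received or handed to a content filter.
smtpd_client_restrictions =
    check_client_access hash:/etc/postfix/client_access

# Look up the envelope sender (MAIL FROM) in a second table.
smtpd_sender_restrictions =
    check_sender_access hash:/etc/postfix/sender_access

# ---- /etc/postfix/client_access (assumed file name) ----
# Same entries as the hosts.deny in the question, in Postfix
# access(5) format: lookup key, whitespace, action.
66.232.193.238    REJECT
66.232.196.58     REJECT
66.232.192.205    REJECT
yourname.com      REJECT

# ---- /etc/postfix/sender_access (assumed file name) ----
# Matches any envelope sender at this domain, including
# you@yourname.com.
yourname.com      REJECT

# ---- after editing, as root ----
# Rebuild the indexed lookup tables and reload Postfix:
#   postmap /etc/postfix/client_access
#   postmap /etc/postfix/sender_access
#   postfix reload
```

Rejected connections are logged by smtpd with a "reject:" entry, so the mail log shows whether the tables are being consulted.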