Solved

Blocking IP from server

Posted on 2004-08-27
Last Modified: 2010-03-04

I have an Ensim server, Linux 7.3.

I'm getting hundreds of spam emails each minute from some Asian IP: 211.63.136.34 and several other 211.63.136 IP numbers.

My spam filter is blocking these based on the IP, but there are so many connections that it is getting overwhelmed and other emails end up either delayed or not getting through.

Is there a way to have the server refuse connections from 211.63.136? So this never even reaches the spam filter?

If so, how do I go about it?

Thanks,

Chris
Question by:St_Aug_Beach_Bum
7 Comments
 
LVL 15

Accepted Solution

by:
samri earned 504 total points
ID: 11916460
It is best to relocate this question to the Linux area:

http://www.experts-exchange.com/Operating_Systems/Linux/
http://www.experts-exchange.com/Operating_Systems/Linux/Linux_Administration/
http://www.experts-exchange.com/Networking/Linux_Networking/

If you had a firewall installed, you could block it there...

This IP address appears to be from:
136.63.211.in-addr.arpa.      43200      SOA      rev1.kornet.net.
                        domain.rev1.kornet.net.
                        2001071900      ; serial
                        43200      ; refresh (12 hours)
                        3600      ; retry (1 hour)
                        604800      ; expire (7 days)
                        43200      ; minimum (12 hours)

If you decide to report abuse, check the information on this page: http://www.dnsstuff.com/tools/whois.ch?ip=211.63.136.34


0
 
LVL 7

Assisted Solution

by:CajunBill
CajunBill earned 498 total points
ID: 11918581
Contact your internet provider (ISP) to see if they can block it for you before it reaches you.
Some ISPs can do this - ours does.

A firewall would not block it unless it can block higher layer traffic.  Simple firewalls block on layer three, the IP address, but the email is not sent directly from there.  So it won't be seen as coming from there.

Regards
CajunBill
0
 
LVL 15

Expert Comment

by:samri
ID: 11920174
Yes, a firewall could totally deny depending on various criteria.  In this case, you could deny traffic from the offending network source_network 211.63.136/24 destination_port 25 (smtp).  Even the "basic" tcp-wrapper, which is available on most Unix systems, should be able to do that.
0

 
LVL 7

Expert Comment

by:CajunBill
ID: 11921374
samri,
I said in my comment "A firewall would not block it unless it can block higher layer traffic."
Your rule will work only if the actual mailserver (not the client) is in the offending IP range.

To explain:
The originating client is not sending a tcp/ip stream to his server, but that's what your firewall rule would block.
What the firewall will see is tcp/ip messages coming from a mail server somewhere.
Like this:

spammer      |-----(email)----->[mailserver]------(email)----->BeachBum's server
mail client  |                     a.b.c.d
211.63.136.x

So at the level of IP address and port, BB's server or firewall will see messages from the address a.b.c.d.
The original client address (211.63.136.x) will be buried in the middle of the messages, in the upper-layer headers.

However, I agree that your rule will work if the mailserver is in the offending IP range, AND is connecting directly to BB's server.  (In other words, not forwarding the mail to another mailserver first.)

Regards, CajunBill
0
 
LVL 14

Assisted Solution

by:kenfcamp
kenfcamp earned 498 total points
ID: 11921593
Blocking access to port 25 through your firewall as samri suggested will work very well (it's done all the time, I do it as well).

Alternatively, you could add "211.63.136   REJECT" to sendmail's access file.

The problem you may find with either of these is that you could find that you don't get legitimate mail if it is sent from an address matching the IP range being blocked.
0
 

Author Comment

by:St_Aug_Beach_Bum
ID: 11922330

Hi all,

Thank you all for your comments, I meant to get back to this question sooner.

I found a simple working solution in another forum:

iptables -A INPUT -s 211.63.0.0/16 -j DROP

The author suggested I use this command and leave it in place for a few weeks, then remove it to see if the problem continues, replace if needed.

To remove, he gave me:

ipchains -F INPUT

Though I learned something from all the comments here, so I will split points,

Thanks again,

Chris
0
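
Added example, not part of the original thread: a shell sketch that tallies the connecting address per /24 from sendmail-style log lines, then prints (without applying) an SMTP-only DROP rule for any busy range, along with the iptables -D command that removes exactly that rule. The relay= field on from= lines is the peer that actually connected, which is the address the firewall discussion above turns on. The log lines are constructed sample data and the function names count_by_24 and rules_for are hypothetical.

```shell
#!/bin/sh
# Constructed sendmail-style maillog lines (sample data, not from the thread).
SAMPLE_LOG='Aug 27 10:00:01 mail sendmail[2101]: i7RA01: from=<a@example.test>, size=2048, nrcpts=1, proto=SMTP, daemon=MTA, relay=[211.63.136.34]
Aug 27 10:00:01 mail sendmail[2102]: i7RA02: from=<b@example.test>, size=1990, nrcpts=1, proto=SMTP, daemon=MTA, relay=[211.63.136.35]
Aug 27 10:00:02 mail sendmail[2103]: i7RA03: from=<c@example.test>, size=2100, nrcpts=1, proto=SMTP, daemon=MTA, relay=[211.63.136.34]
Aug 27 10:00:02 mail sendmail[2104]: i7RA04: from=<d@example.test>, size=2075, nrcpts=1, proto=ESMTP, daemon=MTA, relay=mx.example.test [192.0.2.10]
Aug 27 10:00:03 mail sendmail[2105]: i7RA05: from=<e@example.test>, size=2011, nrcpts=1, proto=SMTP, daemon=MTA, relay=[211.63.136.77]
Aug 27 10:00:03 mail sendmail[2106]: i7RA04: to=<user@example.org>, delay=00:00:01, mailer=esmtp, relay=out.example.org. [198.51.100.5], stat=Sent'

# Tally inbound SMTP peers per /24. Only "from=" lines count: their relay= field
# is the address that actually connected, which is all a packet filter can see.
count_by_24() {
    awk '/: from=/ && match($0, /relay=[^,]*\[[0-9.]+\]/) {
             ip = substr($0, RSTART, RLENGTH)
             sub(/.*\[/, "", ip); sub(/\]/, "", ip)
             split(ip, o, ".")
             seen[o[1] "." o[2] "." o[3] ".0/24"]++
         }
         END { for (net in seen) print seen[net], net }' | sort -rn
}

# For each /24 at or above the threshold, print (do not run) a DROP rule limited
# to SMTP and the -D command that removes exactly that rule later.
rules_for() {
    count_by_24 | awk -v min="$1" '$1 >= min {
        spec = "INPUT -p tcp -s " $2 " --dport 25 -j DROP"
        print "iptables -A " spec
        print "iptables -D " spec
    }'
}

printf '%s\n' "$SAMPLE_LOG" | count_by_24
printf '%s\n' "$SAMPLE_LOG" | rules_for 3
```

Feed it the real mail log in place of SAMPLE_LOG; a range that never shows up in relay= is arriving through another mail server and will not be stopped by a source-address rule.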
 
LVL 7

Expert Comment

by:CajunBill
ID: 11922419
Thanks for sharing that!
Good luck.
0


Question has a verified solution.
