Solved

Blocking IP from server

Posted on 2004-08-27
Last Modified: 2010-03-04

I have an Ensim server, Linux 7.3.

I'm getting hundreds of spam emails each minute from some Asian IP: 211.63.136.34 and several other 211.63.136 IP numbers.

My spam filter is blocking these based on the ip, but there are so many connections that it is getting overwhelmed and other emails end up either delayed or not getting through.

Is there a way to have the server refuse connections from 211.63.136? So this never even reaches the spam filter?

If so, how do I go about it?

Thanks,

Chris
0
Question by:St_Aug_Beach_Bum
7 Comments
 
LVL 15

Accepted Solution

by:
samri earned 168 total points
ID: 11916460
It is best to relocate this question to the Linux area:

http://www.experts-exchange.com/Operating_Systems/Linux/
http://www.experts-exchange.com/Operating_Systems/Linux/Linux_Administration/
http://www.experts-exchange.com/Networking/Linux_Networking/

If you had a firewall installed, you could block it there...

This IP address appears to be from:
136.63.211.in-addr.arpa.      43200      SOA      rev1.kornet.net.
                        domain.rev1.kornet.net.
                        2001071900      ; serial
                        43200      ; refresh (12 hours)
                        3600      ; retry (1 hour)
                        604800      ; expire (7 days)
                        43200      ; minimum (12 hours)

If you decide to report abuse, check the information on this page: http://www.dnsstuff.com/tools/whois.ch?ip=211.63.136.34


0
 
LVL 7

Assisted Solution

by:CajunBill
CajunBill earned 166 total points
ID: 11918581
Contact your internet provider (ISP) to see if they can block it for you before it reaches you.
Some ISPs can do this - ours does.

A firewall would not block it unless it can block higher layer traffic.  Simple firewalls block on layer three, the IP address, but the email is not sent directly from there.  So it won't be seen as coming from there.

Regards
CajunBill
0
 
LVL 15

Expert Comment

by:samri
ID: 11920174
Yes, a firewall could totally deny depending on various criteria. In this case, you could deny traffic from the offending network: source_network 211.63.136/24 destination_port 25 (smtp). Even the "basic" tcp-wrapper, which is available on most Unix systems, should be able to do that.
0
 
LVL 7

Expert Comment

by:CajunBill
ID: 11921374
samri,
I said in my comment "A firewall would not block it unless it can block higher layer traffic."
Your rule will work only if the actual mailserver (not the client) is in the offending IP range.

To explain:
The originating client is not sending a tcp/ip stream to his server, but that's what your firewall rule would block.
What the firewall will see is tcp/ip messages coming from a mail server somewhere.
Like this:

spammer      |-----(email)----->[mailserver]------(email)----->BeachBum's server
mail client  |                    a.b.c.d
211.63.136.x

So at the level of IP address and port, BB's server or firewall will see messages from the address a.b.c.d.
The original client address (211.63.136.x) will be buried in the middle of the messages, in the upper-layer headers.

However, I agree that your rule will work if the mailserver is in the offending IP range, AND is connecting directly to BB's server. (In other words, not forwarding the mail to another mailserver first.)

Regards, CajunBill
0
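Added example, not part of the original thread: a Python sketch of the distinction discussed above, reading the Received headers of a message to see whether the host that actually connected to your server is in 211.63.136.0/24 (a source-IP firewall rule can match) or whether the range only appears behind a relay (it cannot). The host names, relay address and both messages are constructed samples, and the function names are hypothetical.

```python
import ipaddress
import re
from email import message_from_string

BLOCKED_NET = ipaddress.ip_network("211.63.136.0/24")  # range from the question

# Constructed sample: a relay connected to us; 211.63.136.x is one hop back.
RELAYED = """\
Received: from relay.example.org (relay.example.org [198.51.100.25])
\tby mx.example.net with ESMTP id i7RAbc01; Fri, 27 Aug 2004 10:00:02 -0400
Received: from pc (unknown [211.63.136.34])
\tby relay.example.org with SMTP id 4F2A1; Fri, 27 Aug 2004 23:00:00 +0900
Subject: constructed sample

body
"""
# Constructed sample: the 211.63.136.x host connected to our server directly.
DIRECT = """\
Received: from pc ([211.63.136.34])
\tby mx.example.net with SMTP id i7RAbc02; Fri, 27 Aug 2004 10:00:05 -0400
Subject: constructed sample

body
"""
IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def received_ips(raw_message):
    """Return the bracketed IPv4 address of each Received header, newest hop first."""
    msg = message_from_string(raw_message)
    ips = []
    for header in msg.get_all("Received", []):
        m = IP_IN_BRACKETS.search(header)
        if m:
            try:
                ips.append(ipaddress.ip_address(m.group(1)))
            except ValueError:
                pass  # bracketed text that is not a valid address
    return ips

def classify(raw_message, net=BLOCKED_NET):
    """Say whether a source-IP rule for `net` could have stopped this message."""
    hops = received_ips(raw_message)
    if hops and hops[0] in net:
        return "firewall"      # the TCP peer itself is in the range
    if any(ip in net for ip in hops[1:]):
        return "header-only"   # range appears only behind a relay
    return "no-match"
```

Only the topmost Received header is written by your own server; the ones below it are supplied by the sending side and can be forged, so treat a "header-only" result as a hint rather than proof of origin.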
 
LVL 13

Assisted Solution

by:kenfcamp
kenfcamp earned 166 total points
ID: 11921593
Blocking access to port 25 through your firewall as samri suggested will work very well. (It's done all the time; I do it as well.)

Alternately, you could add "211.63.136   REJECT" to sendmail's access file.

The problem you may find with either of these is that you may not get legitimate mail if it is sent from an address matching the IP range being blocked.
0
 

Author Comment

by:St_Aug_Beach_Bum
ID: 11922330

Hi all,

Thank you all for your comments, I meant to get back to this question sooner.

I found a simple working solution in another forum:

iptables -A INPUT -s 211.63.0.0/16 -j DROP

The author suggested I use this command and leave it in place for a few weeks, then remove it to see if the problem continues, replace if needed.

To remove, he gave me:

iptables -F INPUT

Though I learned something from all the comments here, so I will split points,

Thanks again,

Chris
0
 
LVL 7

Expert Comment

by:CajunBill
ID: 11922419
Thanks for sharing that!
Good luck.
0
