Slammed with mail from China, need help with IPBLOCK or IPCHAINS
Posted on 2006-06-29
My server is being slammed (15,000+ daily) with mail originating from China. For now, I am using DNSBL but trying to use it in conjunction with ipchains and ipblock
Jun 29 19:54:42 mythos sendmail: k5U0sbq28877: ruleset=check_relay, arg1=[22.214.171.124], arg2=126.96.36.199, relay=[188.8.131.52], reject=450 5.7.1 Mail from suspected spam source 184.108.40.206 refused - using DNSBL countries.nerd.dk
I have used this script below to enter "ipblock 220.127.116.11", yet why does is still have a sendmail attempt as opposed to a full outright ban?
mythos:/# more /usr/spc/ipblock
# ipblock v2.0
# replaces ipblock that calls route, calling /usr/spc/block, which uses
# the new ipchains method of blocking/logging
if [ "$IP" = "" ]; then
echo "ipblock: blocks an entire class C netblock"
echo "Usage: $0 <ip_addr>"
echo "where <ip_addr> is in the form a.b.c.d, a.b.c.0/24 will be blocked"
if [ `grep -c ^$IP$ /etc/.blockips` -gt 0 ]; then
echo $IP already blocked
CLASSC=`echo $IP | sed 's,\.[0-9]*$,\.0/24,'`
echo $IP >> /etc/.blockips
/usr/spc/block -f $CLASSC
Should I use ipchains instead and if so, how does it need to read to block 18.104.22.168?
ipchains -A input -s ##WHAT GOES HERE TO BLOCK 22.214.171.124??## -j DENY