Stop spam from ***.red-***-xx-xx.dynamicip.rima-tde.net

Hi,


For many months, my Astaro device has been tagging mail from dynamicip.rima-tde.net networks as SPAM. Works really fine.


But how can I define a whole rule to stop those types of connections from that dynamic network?


Best regards


This thread was automatically locked due to age.
  • Hi, equintana,

    Version of Astaro?  SMTP or POP3 proxy?

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi,

    Firmware version: 8.306
    Pattern version: 36878

    SMTP Simple Mode and POP3 proxy both enabled



    Best regards
  • So, this is spam blocked by the SMTP Proxy - right?  Are you using the zen or pbl Spamhaus RBL?  Do you have SPF activated?

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi,

    Yes, but I'd like to block that type of connection to my POP3 & SMTP ports.

    How to block dynamicip.rima-tde.net network?

    regards
  • Unfortunately, those are individual ranges in a /16 block, so it would be impractical to chase those down.  If you're using zen (includes pbl) or pbl from Spamhaus, you're getting the quickest possible rejection of those messages with the least possible bandwidth usage.

    Here's an example of what happens in an RBL rejection:
    2012:10:02-17:37:02 post exim-in[5074]: 2012-10-02 17:37:02 SMTP connection from [24.45.45.14]:3363 (TCP/IP connection count = 1)
    2012:10:02-17:37:02 post exim-in[17811]: 2012-10-02 17:37:02 H=ool-182d2d0e.dyn.optonline.net (dqserve.com) [24.45.45.14]:3363 Warning: MyDomain.com profile excludes greylisting: Skipping greylisting for this message
    2012:10:02-17:37:02 post exim-in[17811]: 2012-10-02 17:37:02 id="1003" severity="info" sys="SecureMail" sub="smtp" name="email rejected" srcip="24.45.45.14" from="nr@dqserve.com" to="username@MyDomain.com" size="-1" reason="rbl" extra="black.rbl.ctipd.astaro.local"
    2012:10:02-17:37:02 post exim-in[17811]: 2012-10-02 17:37:02 H=ool-182d2d0e.dyn.optonline.net (dqserve.com) [24.45.45.14]:3363 F= rejected RCPT : Delivery from 24.45.45.14 rejected. Check at www.commtouch.com/.../Check_IP_Reputation.asp. Reference code: tid=0001.0A010301.506B6C8E.0009
    2012:10:02-17:37:02 post exim-in[17811]: 2012-10-02 17:37:02 SMTP connection from ool-182d2d0e.dyn.optonline.net (dqserve.com) [24.45.45.14]:3363 closed by DROP in ACL


    This particular response wasn't fast enough to prevent the multi-tasking Astaro from looking to see if the recipient was valid (she was), but the rejection was due to the IP being listed in the RBL.

    Another good protection is 'RDNS/HELO', and I think that's even faster and uses less bandwidth.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
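
Added example (not part of the thread, and not Sophos/Astaro code): a check over SMTP proxy log lines in the format quoted above, showing whether sources whose reverse-DNS name falls under a given suffix are already being rejected by the RBL. The sample log, hostnames, addresses and the `rbl_coverage` helper are constructed for illustration; it assumes the `H=` field carries the sender's reverse-DNS name.

```python
import re

# Constructed sample in the log format quoted in the thread; hostnames and
# addresses are placeholders (documentation ranges), not real senders.
P = "2012:10:02-17:37:02 post exim-in[17811]: 2012-10-02 17:37:02 "
W = " Warning: example.com profile excludes greylisting: Skipping greylisting for this message"
R = ('id="1003" severity="info" sys="SecureMail" sub="smtp" name="email rejected" '
     'srcip="{ip}" from="a@example.org" to="user@example.com" size="-1" '
     'reason="rbl" extra="black.rbl.ctipd.astaro.local"')
SAMPLE_LOG = "\n".join([
    P + "H=pool-14.dynamicip.example.net (mx.example.org) [192.0.2.14]:3363" + W,
    P + R.format(ip="192.0.2.14"),
    P + "H=pool-77.dynamicip.example.net (mx.example.org) [192.0.2.77]:4100" + W,
    P + R.format(ip="192.0.2.77"),
    P + "H=pool-90.dynamicip.example.net (mx.example.org) [192.0.2.90]:4200" + W,
    P + "H=mail.example.org [198.51.100.9]:2500" + W,
    P + R.format(ip="198.51.100.9"),
])

# H=<rdns-name> [(<helo>)] [<ip>]; a leading "(" means only a HELO name was
# logged (no reverse-DNS name), so such lines are deliberately not matched.
HOST_RE = re.compile(r"\bH=([^\s(]\S*) (?:\([^)]*\) )?\[(\d{1,3}(?:\.\d{1,3}){3})\]")
KV_RE = re.compile(r'(\w+)="([^"]*)"')

def rbl_coverage(log_text, suffix):
    """For sources whose logged rDNS name ends in `suffix`, report which
    source IPs produced an 'email rejected' event with reason="rbl" and
    which did not (the gap a separate rule would have to cover)."""
    hosts, rejected = {}, set()
    for line in log_text.splitlines():
        m = HOST_RE.search(line)
        if m:
            hosts[m.group(2)] = m.group(1).lower()
        kv = dict(KV_RE.findall(line))
        if kv.get("name") == "email rejected" and kv.get("reason") == "rbl":
            rejected.add(kv.get("srcip"))
    seen = {ip for ip, host in hosts.items() if host.endswith(suffix.lower())}
    return {
        "seen": sorted(seen),
        "rbl_rejected": sorted(seen & rejected),
        "not_rbl_rejected": sorted(seen - rejected),
    }

if __name__ == "__main__":
    print(rbl_coverage(SAMPLE_LOG, ".dynamicip.example.net"))
```

An empty `not_rbl_rejected` list for the suffix means the RBL is already rejecting every logged source under that name.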