Stop spam from ***.red-***-xx-xx.dynamicip.rima-tde.net

Hi,


For many months, my Astaro device has been tagging mail from dynamicip.rima-tde.net networks as SPAM. It works really well.


But how can I define a whole rule to stop that type of connection from that dynamic network?


Best regards


This thread was automatically locked due to age.
  • Unfortunately, those are individual ranges in a /16 block, so it would be impractical to chase those down. If you're using zen (includes pbl) or pbl from Spamhaus, you're getting the quickest possible rejection of those messages with the least possible bandwidth usage.

    Here's an example of what happens in an RBL rejection:
    2012:10:02-17:37:02 post exim-in[5074]: 2012-10-02 17:37:02 SMTP connection from [24.45.45.14]:3363 (TCP/IP connection count = 1)
    2012:10:02-17:37:02 post exim-in[17811]: 2012-10-02 17:37:02 H=ool-182d2d0e.dyn.optonline.net (dqserve.com) [24.45.45.14]:3363 Warning: MyDomain.com profile excludes greylisting: Skipping greylisting for this message
    2012:10:02-17:37:02 post exim-in[17811]: 2012-10-02 17:37:02 id="1003" severity="info" sys="SecureMail" sub="smtp" name="email rejected" srcip="24.45.45.14" from="nr@dqserve.com" to="username@MyDomain.com" size="-1" reason="rbl" extra="black.rbl.ctipd.astaro.local"
    2012:10:02-17:37:02 post exim-in[17811]: 2012-10-02 17:37:02 H=ool-182d2d0e.dyn.optonline.net (dqserve.com) [24.45.45.14]:3363 F= rejected RCPT : Delivery from 24.45.45.14 rejected. Check at www.commtouch.com/.../Check_IP_Reputation.asp. Reference code: tid=0001.0A010301.506B6C8E.0009
    2012:10:02-17:37:02 post exim-in[17811]: 2012-10-02 17:37:02 SMTP connection from ool-182d2d0e.dyn.optonline.net (dqserve.com) [24.45.45.14]:3363 closed by DROP in ACL


    This particular response wasn't fast enough to prevent the multi-tasking Astaro from looking to see if the recipient was valid (she was), but the rejection was due to the IP being listed in the RBL.

    Another good protection is 'RDNS/HELO', and I think that's even faster and uses less bandwidth.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
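
Added example (not part of the original thread, and not Sophos/Astaro code): a small Python parser for the SMTP log format shown in the reply above. It extracts the `email rejected` records, attaches the reverse-DNS name and HELO from the matching "closed by DROP in ACL" line, and tallies rejections by reason and rDNS suffix, which is one way to confirm that the RBL is already catching mail from a dynamic range. The sample lines are copied from the excerpt above; the function names and the three-label suffix are assumptions made for this example.

```python
import re
from collections import Counter

# Sample lines copied from the log excerpt in the reply above.
SAMPLE_LOG = '''\
2012:10:02-17:37:02 post exim-in[5074]: 2012-10-02 17:37:02 SMTP connection from [24.45.45.14]:3363 (TCP/IP connection count = 1)
2012:10:02-17:37:02 post exim-in[17811]: 2012-10-02 17:37:02 id="1003" severity="info" sys="SecureMail" sub="smtp" name="email rejected" srcip="24.45.45.14" from="nr@dqserve.com" to="username@MyDomain.com" size="-1" reason="rbl" extra="black.rbl.ctipd.astaro.local"
2012:10:02-17:37:02 post exim-in[17811]: 2012-10-02 17:37:02 SMTP connection from ool-182d2d0e.dyn.optonline.net (dqserve.com) [24.45.45.14]:3363 closed by DROP in ACL
'''

# key="value" pairs as written in the structured "email rejected" record
KV = re.compile(r'(\w+)="([^"]*)"')
# final line of a rejected session: rDNS name, HELO name, source IP
CLOSED = re.compile(
    r'SMTP connection from (\S+) \(([^)]*)\) \[([\d.]+)\]:\d+ closed by DROP in ACL')


def parse_rejections(text):
    """Return one dict per 'email rejected' record, with rdns/helo added."""
    rejects, hosts = [], {}
    for line in text.splitlines():
        m = CLOSED.search(line)
        if m:
            hosts[m.group(3)] = (m.group(1), m.group(2))
            continue
        fields = dict(KV.findall(line))
        if fields.get("name") == "email rejected":
            rejects.append(fields)
    for r in rejects:
        # The DROP line follows the record, so enrich after the full pass.
        r["rdns"], r["helo"] = hosts.get(r.get("srcip"), (None, None))
    return rejects


def summarize(rejects, suffix_labels=3):
    """Count rejections per (reason, rDNS suffix of suffix_labels labels)."""
    counts = Counter()
    for r in rejects:
        rdns = r["rdns"]
        suffix = ".".join(rdns.split(".")[-suffix_labels:]) if rdns else "(no rDNS)"
        counts[(r.get("reason"), suffix)] += 1
    return counts


if __name__ == "__main__":
    for (reason, suffix), n in summarize(parse_rejections(SAMPLE_LOG)).items():
        print(f"{n:5d}  reason={reason}  rdns=*.{suffix}")
```
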