Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 2 subscribers
  • Views 1779 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How to block a subnet from accessing the transparent SMTP proxy?

JonEtkins
I'm trying to block a particular subnet which is originating a bunch of what I consider SPAM.  (I'm puzzled why they don't appear in the RBL's I use, but that's a discussion for another day.)

Since Astaro's Mail Security doesn't appear to provide any way to blacklist based on originating IP address, I am attempting to block them at the packet filter, but my attempts have been unsuccessful.

I have created a network definition definition:

Name: nationwideassociatesinc.com
Type: Network
Interface: >
IPv4 Address: 64.18.137.192
Netmask: /27(255.255.255.224)

and added that to my "Known Offenders" Network Group.

My firewall rule #1 is

Source: Known offenders
Service: Any
Destination: Any
Action: Drop and log

and #2 is 

Source: Known offenders
Service: Any
Destination: WAN(Address)
Action: Drop and log

yet these a-holes continue to get through.

I'm running the SMTP proxy in transparent mode, and I guess the problem is somehow related to the sequence of events within ASG.  Any ideas or suggestions how to block this traffic?


This thread was automatically locked due to age.
Parents
  • 0
    A basic concept for traffic arriving at an interface is: DNATs are considered first, then Proxies, and, finally, Packet Filter rules and Routes.  So, the trick is to use a DNAT instead of a PF rule, and just send the packets to a non-existant address.

    Did that work?

    Cheers - Bob
    PS  I usually recommend that the SMTP Proxy NOT be run in transparent mode, but, if this a home-use machine, then there's probably no security risk.
Reply
  • 0
    A basic concept for traffic arriving at an interface is: DNATs are considered first, then Proxies, and, finally, Packet Filter rules and Routes.  So, the trick is to use a DNAT instead of a PF rule, and just send the packets to a non-existant address.

    Did that work?

    Cheers - Bob
    PS  I usually recommend that the SMTP Proxy NOT be run in transparent mode, but, if this a home-use machine, then there's probably no security risk.
Children
No Data