Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 2 subscribers
  • Views 1777 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How to block a subnet from accessing the transparent SMTP proxy?

JonEtkins
I'm trying to block a particular subnet which is originating a bunch of what I consider SPAM.  (I'm puzzled why they don't appear in the RBL's I use, but that's a discussion for another day.)

Since Astaro's Mail Security doesn't appear to provide any way to blacklist based on originating IP address, I am attempting to block them at the packet filter, but my attempts have been unsuccessful.

I have created a network definition definition:

Name: nationwideassociatesinc.com
Type: Network
Interface: >
IPv4 Address: 64.18.137.192
Netmask: /27(255.255.255.224)

and added that to my "Known Offenders" Network Group.

My firewall rule #1 is

Source: Known offenders
Service: Any
Destination: Any
Action: Drop and log

and #2 is 

Source: Known offenders
Service: Any
Destination: WAN(Address)
Action: Drop and log

yet these a-holes continue to get through.

I'm running the SMTP proxy in transparent mode, and I guess the problem is somehow related to the sequence of events within ASG.  Any ideas or suggestions how to block this traffic?


This thread was automatically locked due to age.
Parents
  • 0
    Normally, the only thing that initiates an outbound email is a mail server, and those should be listed in 'Allowed hosts/networks' on the 'Relaying' tab.  If you're dealing with a home network, then that's likely not the case.

    If you have 'Transparent mode' selected, then any PC on your network that gets a Trojan can become a spambot, and your IP will be blacklisted faster than you can imagine.  The same thing can happen if you put your Internal network into 'Allowed hosts/networks'.

    Cheers - Bob
Reply
  • 0
    Normally, the only thing that initiates an outbound email is a mail server, and those should be listed in 'Allowed hosts/networks' on the 'Relaying' tab.  If you're dealing with a home network, then that's likely not the case.

    If you have 'Transparent mode' selected, then any PC on your network that gets a Trojan can become a spambot, and your IP will be blacklisted faster than you can imagine.  The same thing can happen if you put your Internal network into 'Allowed hosts/networks'.

    Cheers - Bob
Children
No Data