Re: Blocking IP

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Alejandro Flores wrote:
	But, if you're using sendmail, maybe the best to do is to tell sendmail
to reject the traffic from this particular host.
	Go to /etc/mail, edit the file called 'access' and append a line like
this:
202.154.10.146	REJECT "You're sending too much viruses!"
	Then save, type 'make' and restart sendmail.

Access.db is a map. You don't need to restart sendmail after you update /etc/mail/access file and rebuild access.db map (either using supplied Makefile if present, or by running "makemap hash access.db < access", I prefer later over former). Same for all other maps. You only need to restart sendmail when sendmail.cf is changed, and any of the files referenced by F lines in sendmail.cf (those are read once at startup).


Although solution with sendmail is cleaner and more polite (the offender gets the error why he/she is refused, and you are blocking only email), I don't think that somebody who is not noticing that he/she is spitting out viruses in such a high rate is going to notice and/or care about it.

--
Aleksandar Milivojevic <amilivojevic@xxxxxx>    Pollard Banknote Limited
Systems Administrator                           1499 Buffalo Place
Tel: (204) 474-2323 ext 276                     Winnipeg, MB  R3T 1L7


[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux