This article describes how to enable MTA IP Blocking for PureMessage for UNIX. This service allows you to block IP addresses with a bad reputation at the connection level.
First seen in PureMessage for Unix
The PureMessage Blocklist is not enabled by default on new installations of the product and must be enabled to allow blocking at the MTA level.
To enable the IP blocklist data, run the following command as the pmx user:
$ pmx-blocklist --enable
Via the PureMessage Manager UI, turn on IP blocking:
To verify that the IP blocker service is running, run the following command:
$ pmx-service status blockerd
When IP blocker has been turned on, the following configuration is added to the Postfix main.cf file:
smtpd_client_restrictions = ignore_policy_error,check_policy_service inet:[127.0.0.1]:4466
When IP blocker is working, the following log file will be created: /opt/pmx/var/log/blocklist_log
This log file will show when connections are accepted or rejected based on IP blocking data. For example:
"188.8.131.52 OK" for a connection that was accepted. "184.108.40.206 REJECT" for an IP address that was listed as a spam source or compromised host.
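To check both points from a shell, the following added example (not Sophos code) confirms that the effective smtpd_client_restrictions setting in a main.cf still calls the policy service shown above, and counts REJECT entries per IP address in a blocklist_log. It assumes each log entry ends with the IP address followed by OK or REJECT, as in the sample lines; the function names and sample data are constructed for illustration.

```sh
#!/bin/sh
# Added example: health checks for the IP blocker hook and its log.

# Succeeds only if the effective smtpd_client_restrictions setting in the
# main.cf given as $1 calls the policy service on 127.0.0.1:4466.
has_blocker_hook() {
    # Drop comments, join continuation lines (leading whitespace), then keep
    # the last assignment, since Postfix lets a later entry override earlier.
    awk '
        /^[ \t]*#/ { next }
        /^[ \t]/   { buf = buf " " $0; next }
        { if (buf != "") print buf; buf = $0 }
        END { if (buf != "") print buf }
    ' "$1" |
        grep -E '^smtpd_client_restrictions[[:space:]]*=' |
        tail -n 1 |
        grep -Fq 'check_policy_service inet:[127.0.0.1]:4466'
}

# Prints "<count> <ip>" for every rejected client in the log given as $1,
# most frequent first. Assumption: each entry ends with "<ip> <OK|REJECT>".
rejected_summary() {
    awk '$NF == "REJECT" { n[$(NF-1)]++ }
         END { for (ip in n) print n[ip], ip }' "$1" |
        sort -k1,1nr -k2,2
}

# Constructed sample data (documentation-range addresses) so this runs offline.
demo=$(mktemp -d)
printf '%s\n' \
    'smtpd_client_restrictions = ignore_policy_error,check_policy_service inet:[127.0.0.1]:4466' \
    > "$demo/main.cf"
printf '%s\n' '192.0.2.10 OK' '203.0.113.7 REJECT' \
    '198.51.100.4 REJECT' '203.0.113.7 REJECT' > "$demo/blocklist_log"

if has_blocker_hook "$demo/main.cf"; then
    echo "policy hook present"
else
    echo "policy hook missing: connections are not being checked"
fi
rejected_summary "$demo/blocklist_log"
rm -rf "$demo"
```

On a PureMessage host, call the two functions with the Postfix main.cf for your installation and /opt/pmx/var/log/blocklist_log. A missing hook while blockerd reports as running usually means a later edit to main.cf replaced the restriction line.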
For more information on configuring IP blocker, see the following sophos.com article: PureMessage for UNIX: Enabling Sender Genotype for IP Blocker