Thread Info
  • State Not Answered
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 9 replies
  • Subscribers 6 subscribers
  • Views 3131 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Smtp IP Blacklist

StefanoColombo

Hello

I'm looking for a solution that allows me to actively block external SMTP connection from "bad" IP which are trying to use autentication as per the following log

im-in[1041]: 2020-09-14 12:24:32 server_login authenticator failed for (User) [45.142.120.74]:11730: 535 Incorrect authentication data (set_id=webmaster@xxx.com)
2020:09:14-12:24:33 utm-1 exim-in[1041]: 2020-09-14 12:24:33 SMTP connection from (User) [45.142.120.74]:11730 closed by QUIT
As I found in other thread a normal firewall rule is not working and in a thread was mentioned that a "blackhoe DNAT should be created
However even with such DNAT created I still see connection attempt from the banned Hosts IP
I'm not using transparent mode
Is there a way to fix it ?
thanks
Stefano


This thread was automatically locked due to age.
Parents
  • 0

    Hello,

    some notes from my site because I had the same problem with DNAT and stop the "bad" IPs.

    Point 1: Include _all_ WAN IP addresses, if you have not only a primary official address.

    Point2: Include service port 465/tcp in addition to 25/tcp (and 587/tcp)

    My DNAT rule looks like.

    origin source:GROUP_IP_SPAMMER

    origin service. GROUP_SMTP_SERVICES( 25/tcp,465/tcp,587/tcp )

    origin destinaton: GROUP_WAN-ADDRESSES_UTM

    NAT-destination: FAKE-IP 

    Regards,

    Michael

Reply
  • 0

    Hello,

    some notes from my site because I had the same problem with DNAT and stop the "bad" IPs.

    Point 1: Include _all_ WAN IP addresses, if you have not only a primary official address.

    Point2: Include service port 465/tcp in addition to 25/tcp (and 587/tcp)

    My DNAT rule looks like.

    origin source:GROUP_IP_SPAMMER

    origin service. GROUP_SMTP_SERVICES( 25/tcp,465/tcp,587/tcp )

    origin destinaton: GROUP_WAN-ADDRESSES_UTM

    NAT-destination: FAKE-IP 

    Regards,

    Michael

Children
No Data
Unfiltered HTML