
SMTP Attacks - RBL/DNAT Blackhole

We are getting a huge SMTP attack from a number of IPs. I've gone ahead and created a DNAT rule that sends them to a blackhole address, but I'm not understanding why exim is still receiving the TCP connection, if I have everything set correctly. Shouldn't the NAT rule precede the proxy connection, according to the Rulz?



  • The solution proposed here worked. The suggestion to break out all of the external interfaces individually into a network group and enter that into "Going to" proved to be the solution. Before, I was using the subnet of the internet provider, and that did not catch all, although I'm not sure why that didn't work. Anyways, problem solved. Thanks!
