This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SMTP Attacks - RBL/DNAT Blackhole

We are getting a huge SMTP attack from a number of IPs. I've gone ahead and created a DNAT rule that sends them to a blackhole address, but I'm not understanding why exim is still receiving the TCP connection, if I have everything set correctly. Shouldn't the NAT rule precede the proxy connection, according to the Rulz?

This thread was automatically locked due to age.

Top Replies

Michael_Kuerschner over 3 years ago in reply to superbits +2 verified

Hi, do you have one external IP address or other second external IP addresses? If there are more than the primary, please include the other external IPs to your DNAT rule. Regards, Michael

Parents

+1 superbits over 3 years ago

The solution proposed here worked. The suggestion to break out all of the external interfaces individually into a network group and enter that into "Going to" proved to be the solution. Before I was using the subnet of the internet provider, and that did not catch all; although I not sure why that didn't work. Anyways, problem solved. Thanks!
Cancel
Vote Up +2 Vote Down

Cancel
0 reag over 3 years ago in reply to superbits

Thanks, this pointed me in the right direction. Sidenote: I was looking for a solution to block the exact same /24 net, what a coincidence.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 reag over 3 years ago in reply to superbits

Thanks, this pointed me in the right direction. Sidenote: I was looking for a solution to block the exact same /24 net, what a coincidence.
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data