Menu
▾
▴
[Assp-user] How to outright block an IP
|
From: Alex D. <Al...@so...> - 2009-03-28 03:17:51
|
I have a problem sender (a local TV station) that is bombarding us with legitimate messages to 3 different users, but one of these addresses is no longer active, resulting in them surpassing our Extreme PB levels. They are not responding to my emails to remove the bad address, so I'm looking for the best way to drop their connection ASAP. I added their IP to denySMTPConnectionsFrom but looking at the logs, you can see it run through a cycle of: Add 25 to PB for Extreme Bad History - now 25 IP is found in denySMTPConnectionsFrom PB hits 11640, surpassing the Extreme limit of 150 The message is missing Message-ID Add 5 to PB for missing Message-ID - now at 30 (what happened to the 11640 a moment ago?) The message is missing From Connection times out Add 25 to PB for Extreme Bad History - now 25 NOW REPEATING... Mar-26-09 00:11:12 209.173.135.86 <we...@kd...> MessageScore is now 25, after adding 25 (Extreme Bad History for 209.173.135.86) Mar-26-09 00:11:13 209.173.135.86 <we...@kd...> found ri...@MY... in LDAP-cache Mar-26-09 00:11:13 [DenyIP] 209.173.135.86 <we...@kd...> to: ri...@MY... [spam found] (blocked by denySMTPConnections or droplist'209.173.135.86') [Winter Storm Warning issued for metro Denver]; Mar-26-09 00:11:13 [Extreme] 209.173.135.86 <we...@kd...> to: ri...@MY... [spam found] (score for 209.173.135.86 is 11640, surpassing extreme level of 150) [Winter Storm Warning issued for metro Denver]; Mar-26-09 00:11:13 [MsgID] 209.173.135.86 <we...@kd...> to: ri...@MY... [scoring] (Message-ID missing) Mar-26-09 00:11:13 209.173.135.86 <we...@kd...> to: ri...@MY... MessageScore is now 30, after adding 5 (Message-ID missing) Mar-26-09 00:11:13 [FromMissing] 209.173.135.86 <we...@kd...> to: ri...@MY... [scoring] (From missing) Mar-26-09 00:11:13 209.173.135.86 <we...@kd...> to: ri...@MY... MessageScore is now 80, after adding 50 (From missing) Mar-26-09 00:14:18 209.173.135.86 <we...@kd...> to: ri...@MY... Connection idle for 180 secs - timeout Mar-26-09 00:14:18 209.173.135.86 <we...@kd...> MessageScore is now 25, after adding 25 (Extreme Bad History for 209.173.135.86) Aside from the weird PB scores, can someone reveal the best way to drop a connection from a specific IP at the earliest possible moment? Thanks, Alex |
