On Fri, Sep 28, 2018 at 08:30:55AM +0000, Antonino Sidoti wrote: > table shithole file:/etc/mail/blacklist > > The file ‘blacklist’ contain the IP addresses that I wish to block, one per > line. I also have added a reject statement to my ‘smtpd.conf’ like so; > > reject from source <shithole> for any > > What I notice is that it does not block the IP address and it continues to > attempt a connection to the mail server. The IP address in question is > showing up in ‘/var/log/maillog’ like so; > > Sep 28 18:22:12 obsd-svr3 smtpd[68949]: b6ab24ef369520cc smtp > event=failed-command address=185.xxx.xxx.254 host=185.xxx.xxx.254 > command="AUTH LOGIN" result="503 5.5.1 Invalid command: Command not supported” > > Any idea why the reject statement does not work?
Well, the mail does get rejected, doesn't it? it's possible that a simple pf.conf with a table you block from, fed from the file you already have would be the solution your're looking for. Perhaps supplemented with a spamd(8) setup. a couple of writeups of mine that you might find useful: https://bsdly.blogspot.com/2017/04/forcing-password-gropers-through.html https://bsdly.blogspot.com/2013/05/keep-smiling-waste-spammers-time.html It's also possible that the enumerated badness from https://bsdly.blogspot.com/2018/08/badness-enumerated-by-robots.html could usefully supplement your data sources. All the best, Peter -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds. -- You received this mail because you are subscribed to [email protected] To unsubscribe, send a mail to: [email protected]
