On Fri, Sep 28, 2018 at 09:14:17AM +0000, Antonino Sidoti wrote: > Hi Peter >
Hi, > I am using spamd. > > So the ???reject??? statement still logs the connection as seen in the log > sample I provided. I was expecting to see a different log entry along the > lines of ???source IP rejected???. The log information gives me the > impression that the ???reject??? is not working. > > Happy to configure a table in ???pf.conf??? and block the IP that way. > But then what is the point of the ???reject??? in the smtpd.conf? > The ruleset within smtpd only cares about envelopes. It doesn't accept or reject clients, it accept or rejects envelopes so they do or do not enter the queue for delivery. Gilles > > On 28 Sep 2018, at 6:56 pm, Peter N. M. Hansteen <[email protected]> wrote: > > > >> On Fri, Sep 28, 2018 at 08:30:55AM +0000, Antonino Sidoti wrote: > >> table shithole file:/etc/mail/blacklist > >> > >> The file ???blacklist??? contain the IP addresses that I wish to block, > >> one per line. I also have added a reject statement to my ???smtpd.conf??? > >> like so; > >> > >> reject from source <shithole> for any > >> > >> What I notice is that it does not block the IP address and it continues to > >> attempt a connection to the mail server. The IP address in question is > >> showing up in ???/var/log/maillog??? like so; > >> > >> Sep 28 18:22:12 obsd-svr3 smtpd[68949]: b6ab24ef369520cc smtp > >> event=failed-command address=185.xxx.xxx.254 host=185.xxx.xxx.254 > >> command="AUTH LOGIN" result="503 5.5.1 Invalid command: Command not > >> supported??? > >> > >> Any idea why the reject statement does not work? > > > > Well, the mail does get rejected, doesn't it? > > > > it's possible that a simple pf.conf with a table you block from, fed from > > the file you already have would be the solution > > your're looking for. Perhaps supplemented with a spamd(8) setup. > > > > a couple of writeups of mine that you might find useful: > > > > https://bsdly.blogspot.com/2017/04/forcing-password-gropers-through.html > > https://bsdly.blogspot.com/2013/05/keep-smiling-waste-spammers-time.html > > > > It's also possible that the enumerated badness from > > https://bsdly.blogspot.com/2018/08/badness-enumerated-by-robots.html could > > usefully supplement your data sources. > > > > All the best, > > Peter > > > > -- > > Peter N. M. Hansteen, member of the first RFC 1149 implementation team > > http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ > > "Remember to set the evil bit on all malicious network traffic" > > delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds. > > > > -- > > You received this mail because you are subscribed to [email protected] > > To unsubscribe, send a mail to: [email protected] > > -- Gilles Chehade https://www.poolp.org @poolpOrg -- You received this mail because you are subscribed to [email protected] To unsubscribe, send a mail to: [email protected]
