Hi there,
We have a machine on the network that has been infected and is sending out
spam. The people responsible say the machine has been cleaned and
disconnected from the network but this is not the case. It seems they don't
know what they are doing and I have decided to rather block the
mxc wrote:
Hi there,
We have a machine on the network that has been infected and is sending out
spam. The people responsible say the machine has been cleaned and
disconnected from the network but this is not the case. It seems they don't
know what they are doing and I have decided to rather
Have you tried blacklisting the IP in the smtp proxy setup ?
On one network I administer we have blocked all IPs except the only 2
legit sending systems... but it's only a Class C network.
Keith
Mike Tremaine wrote:
mxc wrote:
Hi there,
We have a machine on the network that has been
Keith-109 wrote:
Have you tried blacklisting the IP in the smtp proxy setup ?
On one network I administer we have blocked all IPs except the only 2
legit sending systems... but it's only a Class C network.
Keith
Thanks for the reply. Yes I tried that but it doesn't seem to work.
Mike Tremaine wrote:
Might be the way NAT is set up; try this:
/sbin/iptables -t nat -I CUSTOMPREROUTING -s 192.168.12.12 -j DROP
Giving it a go now. I did do a IPTable -t nat -I PREROUTING 1 -s source
but no luck. Let me try the CUSTOMPREROUTING chain.
mxc wrote:
Keith-109 wrote:
Have you tried blacklisting the IP in the smtp proxy setup ?
On one network I administer we have blocked all IPs except the only 2
legit sending systems... but it's only a Class C network.
Keith
OK, iptables -L -n -v shows 0 bytes being hit
on 2-25-2009 10:32 AM mxc spake the following:
Hi there,
We have a machine on the network that has been infected and is sending out
spam. The people responsible say the machine has been cleaned and
disconnected from the network but this is not the case. It seems they don't
know what they
Scott Silva wrote:
Are the rules far enough up the chain to hit? Or is that address hitting
above them?
I think so, that's why I inserted them instead of appending. Looks OK, e.g.
iptables -L FORWARD
Chain FORWARD (policy DROP)
target prot opt source destination
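
An added example, not part of the thread or any poster's code: a small Python check for the question raised above, whether a DROP rule for the infected host sits above every other rule that could take its packets first. The listing is constructed (only the address 192.168.12.12 appears in the thread), the function names are hypothetical, and the parser assumes every rule has a target column.

```python
import ipaddress

# Constructed sample of `iptables -L FORWARD -n -v --line-numbers` output.
# Only the address 192.168.12.12 comes from the thread; the rules are made up.
SAMPLE = """\
Chain FORWARD (policy DROP 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1     8123  611K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
2      412 24720 ACCEPT     tcp  --  eth1   *       192.168.12.0/24      0.0.0.0/0            tcp dpt:25
3        0     0 DROP       all  --  *      *       192.168.12.12        0.0.0.0/0
"""

TERMINATING = {"ACCEPT", "DROP", "REJECT"}

def parse_rules(listing):
    """Yield one dict per rule line; assumes every rule has a target column."""
    for line in listing.splitlines():
        f = line.split()
        if len(f) < 10 or not f[0].isdigit():
            continue  # chain header, column header or blank line
        yield {"num": int(f[0]), "pkts": f[1], "target": f[3],
               "source": f[8], "extra": " ".join(f[10:])}

def covers(source, ip):
    """True if the rule's source column includes ip (handles '!' negation)."""
    negated = source.startswith("!")
    net = ipaddress.ip_network(source.lstrip("!"), strict=False)
    return (ipaddress.ip_address(ip) in net) != negated

def audit_drop(listing, ip):
    """Return (drop_rule, earlier terminating rules whose source also covers ip)."""
    earlier = []
    for rule in parse_rules(listing):
        if not covers(rule["source"], ip):
            continue
        if rule["target"] == "DROP" and not rule["extra"]:
            return rule, earlier  # unconditional DROP for this source
        if rule["target"] in TERMINATING:
            earlier.append(rule)  # evaluated before the DROP is reached
    return None, earlier

if __name__ == "__main__":
    drop, earlier = audit_drop(SAMPLE, "192.168.12.12")
    print("DROP rule:", drop)
    for r in earlier:
        print(f"rule {r['num']} ({r['target']} {r['extra']}) is evaluated first")
```

If no earlier rule is reported and the DROP counter still reads zero, the packets are probably not traversing that chain at all; traffic redirected to a proxy running on the firewall itself passes through INPUT rather than FORWARD.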