Chris, Methinks the router would be the best place, but we don't control our router (the ISP does). So far I have 84 rules on my SW Pro, 73 are DENY SMTP, there is a limit - not sure how many.
I can't seem to block ALL traffic from the bad guys due to the SW re-ordering the rules. If I DENY DEFAULT from x.y.0.0 - x.y.255.255 to *, it puts this rule below the ALLOW SMTP from WAN to DMZ <mailserveraddr> (which is required due to our email server). If I DENY SMTP from WAN x.y.0.0 - x.y.255.255 to DMZ <mailserveraddr>, it puts this rule on top. In short, the more specific the rule, the higher it goes in the list. FYI - I tried all kinds of rules to get the deny's on top - no joy. I did setup a "bait" mailbox by the name of John@ and have gotten 5 spam emails in 4 days - I then look at the inet headers and add the smtp server that it came from. My SW log shows a dropped smtp every 5 minutes or more, almost all from the Chinese/Korean list. hth, Devin L. Meade, CNE, MCP Network Administrator Frankfurt-Short-Bruza www.fsb-ae.com <http://www.fsb-ae.com> -----Original Message----- From: Chris Hunt [mailto:[EMAIL PROTECTED]] Sent: Friday, May 24, 2002 11:27 AM To: [EMAIL PROTECTED] Subject: RE: [SonicWALL]- Blocking certain SMTP servers Should this be done in the router or the SW? There is only so many rules in the SW unless I'm doing something wrong ;) Chris At 11:09 AM 05/24/2002 -0500, you wrote: >See http://www.okean.com/asianspamblocks.html ><http://www.okean.com/asianspamblocks.html> - This works. > >DL Meade, CNE, MCP >Network Administrator >Frankfurt-Short-Bruza >www.fsb-ae.com <http://www.fsb-ae.com> > > > -----Original Message----- --- [This E-mail scanned for viruses by Declude/F-Prot AV] ============================================================================ ======================= To unsubscribe, send email to [EMAIL PROTECTED] In the body of the email put the following: unsubscribe sonicwall your_name The archive of this list is at http://www.mail-archive.com/sonicwall%40peake.com/ --- [This E-mail scanned for viruses by Declude/F-Prot AV] =================================================================================================== To unsubscribe, send email to [EMAIL PROTECTED] In the body of the email put the following: unsubscribe sonicwall your_name The archive of this list is at http://www.mail-archive.com/sonicwall%40peake.com/
