Eric Noel wrote:
Thanks to all those who responded to my previous question about patching. Check your quarantine from the AV, there you can read the headers and find the IP addresses the Virus originated from.
I've been trying to find the IP address of most senders both outside/local. I tried qmailanalog but I only get recipients list or senders list with no IP. Are there any good scripts there to list a summary with IP of senders? I've been trying to catch those nasty viruses wildly emailing to anyone on our email before it gets to my poor clamav. Most of the time we can't get into our qmail; my guess is that those spammers/viruses fully exhausted our SMTP ports.
Use the following RBLs ... -r sbl-xbl.spamhaus.org -r relays.ordb.org -r dynablock.njabl.org
That last one will help you the most, it stops incoming from dynamic ranges, mostly the broadband cable/dsl trojan infected spam relays.
You may also want to stop accepting from IP ranges that don't reverse lookup, this is probably a good idea as AOL won't accept from IPs that don't resolve so there's a good chance most legit mail senders have already set this up at their end. Add to bottom of your tcp.smtp file ...
=:allow
:allow,RBLSMTPD="-Connection Refused - Set your Reverse DNS Lookup, contact your network/ISP admin"
Enjoy :)
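A sketch of the per-IP summary asked about in the question, as an added example that is not part of the original thread. It assumes tcpserver runs with -v and that its log lines are piped to the script on stdin; the sample log lines and addresses are constructed.

```python
import re
import sys
from collections import Counter

# tcpserver -v writes one line per accepted or refused connection:
#   tcpserver: ok <pid> <lhost>:<lip>:<lport> <rhost>:<rip>:<rinfo>:<rport>
# "deny" replaces "ok" when a tcprules entry refuses the client. <rhost> is
# empty when the client IP has no reverse DNS (or tcpserver runs with -H).
CONN = re.compile(
    r"tcpserver: (ok|deny) \d+ \S+ ([^:\s]*):(\d+\.\d+\.\d+\.\d+):[^:\s]*:\d+\s*$"
)

# Constructed sample: multilog-stamped lines, documentation-range addresses.
SAMPLE = """\
@400000004f1a2b3c0a000001 tcpserver: status: 1/40
@400000004f1a2b3c0a000002 tcpserver: pid 2101 from 203.0.113.7
@400000004f1a2b3c0a000003 tcpserver: ok 2101 mail.example.com:192.0.2.10:25 :203.0.113.7::4312
@400000004f1a2b3d0a000004 tcpserver: ok 2102 mail.example.com:192.0.2.10:25 :203.0.113.7::4313
@400000004f1a2b3e0a000005 tcpserver: ok 2103 mail.example.com:192.0.2.10:25 mx.example.net:198.51.100.25::39122
@400000004f1a2b3f0a000006 tcpserver: ok 2104 mail.example.com:192.0.2.10:25 :203.0.113.7::4314
@400000004f1a2b400a000007 tcpserver: deny 2105 mail.example.com:192.0.2.10:25 :203.0.113.99::1025
@400000004f1a2b410a000008 tcpserver: end 2101 status 0
"""


def summarize(lines):
    """Return (ip, connections, denied, reverse_name) rows, busiest IP first."""
    total, denied, names = Counter(), Counter(), {}
    for line in lines:
        m = CONN.search(line)
        if not m:
            continue  # status/pid/end lines carry nothing we need
        verdict, rhost, ip = m.groups()
        total[ip] += 1
        if verdict == "deny":
            denied[ip] += 1
        if rhost:
            names[ip] = rhost
    ranked = sorted(total.items(), key=lambda kv: (-kv[1], kv[0]))
    return [(ip, n, denied[ip], names.get(ip, "")) for ip, n in ranked]


if __name__ == "__main__":
    # Pipe a tcpserver log into the script, or run it bare to see the sample.
    source = SAMPLE.splitlines() if sys.stdin.isatty() else sys.stdin
    for ip, n, bad, name in summarize(source):
        print(f"{n:6d} {bad:4d} denied  {ip:15s} {name or '(no reverse DNS)'}")
```

Addresses that connect often and show no reverse name are the ones the tcp.smtp rule above would hand to rblsmtpd for rejection.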