How do I go about shunning the IP - via Exim or via SA? And where if possible
-----Original Message----- From: Jack Pepper [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 29, 2008 11:48 AM To: users@spamassassin.apache.org Subject: Re: netstat info-blacklist IP Quoting Jean-Paul Natola <[EMAIL PROTECTED]>: > I did trace it back to this IP enewsletter11.ruceci.com > (enewsletter.ruceci.com) [208.74.102.200] > which is a datacenter in KS: Arsalon Technologies LLC Send them a friendly/helpful note (include packet traces or mail logs) since we will politely assume they don't know about it already. Then shun the IP at the perimeter. > > Is it safe to blacklist the IP - if so I don't recall seeing info on > blacklist IP's That's a matter of personal style. I shun ip addresses and block incoming SMTP connections quite agressively. Users don't seem to mind, it keeps the bad traffic down. In one week last month, perimeter blacklisting dropped 1.5 million incoming SMTP connections. I don't know what those people wanted to tell me, and I really don't care. Every address is there because of some identifiable bot-related network behavior. Some people thing shunning is bad. As we say in Nebraska, " ... but you gotta do what works for you". > By the way how can I get more data on why it timed out ? > only if something show up in your mail logs or firewall logs. jp -- Framework? I don't need no steenking framework! ---------------------------------------------------------------- @fferent Security Labs: Isolate/Insulate/Innovate http://www.afferentsecurity.com
