On 2013-07-12 9:02, Karsten Bräckelmann wrote:
> On Fri, 2013-07-12 at 05:14 +0430, Moein Sarvi wrote:
>
>> Hello is there any way to blacklist an IP address?
>
> Yes. Step 1: Create your own blacklist. Step 2: Report the IP. Optional
> step 3: Create rules in SA to query your blacklist created in step 1. Of
> course, I am merely assuming here you are actually asking something
> relevant to SA...
>
> Joking apart, your question is *really* vague. In cases like this, it is
> a lot better to describe your actual problem, rather than asking
> something this broad. You still can add the missing info, and tell us
> about your problem.
>
> Bunch-o-pointers regarding "blacklisting" an IP address:
>
> SA does not reject, quarantine, drop or deliver mail. All it does is
> scoring. Thus, in case your "blacklisting" query involves these, you'd
> better check back with your SA calling layer.
>
> If you definitely are about rejecting mail from a given IP, you'd want
> to look at your MX SMTP configuration.
>
> If you are happy to "severely punish" mail sent from a given IP, without
> a need to reject the mail, SA can do what you want. Punishment ranges
> from scoring, classifying as spam, all the way up to quarantining and
> simply dropping down the bin bucket -- the latter two depending on the
> following tools in your mail-processing chain.
>
> Flooring mail in SA sent via a given IP (aka blacklisting) is possible
> in various ways, depending on your needs, configuration, accuracy of
> your configuration (like receiving mail via mailing lists) -- and of
> course your knowledge of mail headers, SA rules, SA pseudo headers, and
> RE in general. But I digress...
>
> Likely candidates are the X-Spam-Relays-* Untrusted and External pseudo
> headers. But that could be done more efficiently in your SMTP, if you
> mean *black* as a pseudonym of *block*.
>
> And if you really dislike the IP, you could also craft some simple
> Received header rules in SA. Though at this point, we're crossing the
> line between blacklist and blacklist. And deep header parsing.
>
> Where did I start off again? Oh, right -- what exactly is the problem
> you're facing and the result you want to achieve?

Hi,

Perhaps:

    # IPaddress is a placeholder for the address, with its dots escaped
    header   BLACKLIST_IP Received =~ /\[IPaddress\]/
    score    BLACKLIST_IP 100
    describe BLACKLIST_IP Disallow from IP address

If you use Postfix for your MTA, then drop into your _header_checks_ file

    /^Received: from IPaddress/ REJECT Bye bye to your IP address

and then add into the _main.cf_

    header_checks = pcre:/etc/postfix/header_checks

Completely untested and not really thought about, of course. I suspect
my regexes are broken, but this gives you an idea.

-- 
"I decided that I was a lemon for a couple of weeks. I kept myself
amused all that time jumping in and out of a gin and tonic."
simon@klunky .co.uk / .org
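
Added example (not part of the original thread), in Python: how a Received-header regex for one IP address behaves when the address is pasted in unescaped, when it is matched as a bracketed literal, and when any hop is checked rather than only the handover to your own server. The addresses, host names and messages are constructed, and treating the topmost Received header as the one written by your own MX is an assumption.

```python
import re

def naive_rule(ip):
    # IP pasted into the pattern unescaped: "." matches any character and
    # nothing stops 192.0.2.1 from matching inside 192.0.2.10.
    return re.compile(ip)

def strict_rule(ip):
    # Literal address, delimited by the [ ] MTAs put around the client IP.
    return re.compile(r"\[" + re.escape(ip) + r"\]")

def received_headers(raw):
    """Unfolded Received header values, topmost (most recent) first."""
    head = re.split(r"\r?\n\r?\n", raw, maxsplit=1)[0]  # headers only
    unfolded = re.sub(r"\r?\n[ \t]+", " ", head)
    return [line.split(":", 1)[1].strip() for line in unfolded.splitlines()
            if line.lower().startswith("received:")]

def hits_any_hop(rule, raw):
    # What a plain "Received =~" rule does: any hop, including ones the
    # sending side wrote itself, can trigger it.
    return any(rule.search(h) for h in received_headers(raw))

def hits_handover(rule, raw):
    # Assumption: the topmost Received header is the one our own MX added.
    hops = received_headers(raw)
    return bool(hops and rule.search(hops[0]))

# Constructed sample messages (documentation addresses, made-up hosts).
BLOCKED = "192.0.2.1"
NEIGHBOUR = ("Received: from a.example.net (a.example.net [192.0.2.10])\n"
             "\tby mx.example.org; Fri, 12 Jul 2013 09:00:00 +0000\n"
             "Subject: hi\n\nbody\n")
EARLIER_HOP = ("Received: from relay.example.com (relay.example.com [198.51.100.7])\n"
               "\tby mx.example.org; Fri, 12 Jul 2013 09:00:00 +0000\n"
               "Received: from x (x [192.0.2.1])\n"
               "\tby relay.example.com; Fri, 12 Jul 2013 08:59:00 +0000\n"
               "Subject: hi\n\nbody\n")
DIRECT = ("Received: from x (x [192.0.2.1])\n"
          "\tby mx.example.org; Fri, 12 Jul 2013 09:00:00 +0000\n"
          "Subject: hi\n\nbody\n")

if __name__ == "__main__":
    for name, msg in (("NEIGHBOUR", NEIGHBOUR), ("EARLIER_HOP", EARLIER_HOP), ("DIRECT", DIRECT)):
        print(name, hits_any_hop(naive_rule(BLOCKED), msg),
              hits_any_hop(strict_rule(BLOCKED), msg),
              hits_handover(strict_rule(BLOCKED), msg))
```

The same anchoring applies to the Perl-compatible patterns used in SA rules and in a Postfix pcre: table, since both treat an unescaped dot and an unbracketed address the same way.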