On Tue, Aug 27, 2002 at 04:19:24PM -0700, Brent Irwin wrote:
> I've had a lot of extraneous traffic sourcing from my mail server to
> mailer3.hispeedmediaoffers.com. I'm still researching if the culprit
> is internal, but I was wondering if any of you know of a software
> package that would, somewhat dynamically enable me to set a filter on
> incoming/outgoing messages to specified domain names? I could set it
> at the firewall or the mail server, but this would be a massive manual
> undertaking that I would love to see dynamic in nature.

Brent, performing this on a per-mailserver basis is certainly possible
but would require more details. (And no, I no longer know any mail
server well enough to give the gist of how to do it. :)

If you've got an iptables firewall in place, this script should help:

    #!/bin/sh
    # /sbin/goaway <address>
    /sbin/ipchains -A input -p tcp -s "$1" -d 0/0 -j DENY
    /sbin/ipchains -A input -p tcp -s "$1" -d 0/0 -y -j DENY

If you've got a pf firewall in place, add some lines such as this to
your /etc/pf.conf and reload the rules:

    block return-rst in log quick on xl0 proto tcp from 192.168.0.0/16 to any

Of course, this will kill all communication with whoever you tell to
"goaway" or block their packets, so it should only be used if you really
don't want the traffic. :)

-- 
http://sardonix.org/
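
An added example, not part of the original message or the poster's own code: a dry-run generator that validates a source address before producing the ipchains command lines or the pf rule quoted above, so that a typo or an over-broad prefix cannot cut off more traffic than intended. The function names, the MIN_PREFIX policy and the sample addresses are assumptions.

```shell
#!/bin/sh
# Added example: prints block rules instead of applying them (no root needed).
MIN_PREFIX=16   # assumed policy: refuse to block anything wider than a /16

# Return 0 if $1 is a dotted-quad IPv4 address with an optional /prefix.
valid_source() {
    addr=${1%%/*}
    prefix=32
    case $1 in */*) prefix=${1#*/} ;; esac
    case $prefix in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$prefix" -ge "$MIN_PREFIX" ] && [ "$prefix" -le 32 ] || return 1
    # Only digits and dots, no empty octets (also rejects option-like input).
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    rest=$addr.
    count=0
    while [ -n "$rest" ]; do
        octet=${rest%%.*}
        rest=${rest#*.}
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
        count=$((count + 1))
    done
    [ "$count" -eq 4 ]
}

# Print the rules for one source; style is "ipchains" or "pf".
emit_block() {
    style=$1
    src=$2
    if ! valid_source "$src"; then
        echo "refusing: bad or too-broad source '$src'" >&2
        return 1
    fi
    case $style in
        ipchains)
            echo "/sbin/ipchains -A input -p tcp -s $src -d 0/0 -j DENY"
            echo "/sbin/ipchains -A input -p tcp -s $src -d 0/0 -y -j DENY" ;;
        pf)
            echo "block return-rst in log quick on xl0 proto tcp from $src to any" ;;
        *)
            echo "unknown style '$style'" >&2
            return 2 ;;
    esac
}

# Constructed sample input (documentation ranges, not from the original post).
for src in 192.0.2.25 198.51.100.0/24 0/0 "-j ACCEPT"; do
    emit_block pf "$src" || true
done
```

The first two sample sources produce pf rules; `0/0` and the option-like string are refused on stderr.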
This archive was generated by hypermail 2b30 : Wed Aug 28 2002 - 02:20:51 PDT