Results 1 to 3 of 3
  1. #1
    marekc Guest
    How to block a mail server

    Hi there
    Our server is currently getting flooded with a lot of emails..
    How do I block all emails originating from a server? we are using procmail
    Here is a sample email from the mqueue.site directory
    [root@turtle mqueue.site]# cat qfmBD3dg4o022410
    V6
    T1229139582
    K1229139582
    N1
    P332901
    I8/3/9422258
    Mbos... mime8to7: multipart nesting boundary too deep
    Fbs
    $_root@localhost
    $rESMTP
    $sturtle.domain.org
    ${daemon_flags}c u
    S<postmaster@baltrans.com>
    MDeferred: local mailer (/usr/bin/procmail) exited with EX_TEMPFAIL
    Cbos:503:503:root
    rRFC822; MAILER-DAEMON@domain.org
    RPFDA:bos
    H?P?Return-Path: <g>
    H??Received: from turtle.domain.org (root@localhost)
    by domain.org (8.12.11/8.12.11) with ESMTP id mBD3dg4o022410
    for <MAILER-DAEMON@domain.org>; Sat, 13 Dec 2008 14:39:42 +1100
    H??X-ClientAddr: 203.198.61.134
    H??Received: from mg1.baltrans.com (ipvpn014134.netvigator.com [203.198.61.134])
    by turtle.domain.org (8.12.11/8.12.11) with ESMTP id mBD3dE17022098
    for <MAILER-DAEMON@domain.org>; Sat, 13 Dec 2008 14:39:15 +1100
    H??Received: from mg1.baltrans.com (unknown [127.0.0.1])
    by mg1.baltrans.com (Symantec Mail Security) with ESMTP id 20D0F52801B
    for <MAILER-DAEMON@domain.org>; Sat, 13 Dec 2008 11:13:27 +0800 (HKT)
    H??Received: from mg1.baltrans.com (unknown [127.0.0.1]) by mg1.baltrans.com (Symantec Mail Security) with ESMTP id 23BAA52805A for <MAILER-DAEMON@domain.org>; Sat, 13 Dec 2008 07:14:53 +0800 (HKT)
    H??X-AuditID: cbc63d85-acf68bb000007279-2b-4942f065b546
    H??Received: from balsvr03.baltrans.intranet (balsvr03.baltrans.intranet [172.16.8.22]) by mg1.baltrans.com (Symantec Mail Security) with ESMTP id E8E154E4007 for <MAILER-DAEMON@domain.org>; Sat, 13 Dec 2008 07:14:45 +0800 (HKT)
    H??Received: from mail.baltrans.intranet ([203.198.61.150]) by balsvr03.baltrans.intranet with Microsoft SMTPSVC(6.0.3790.3959); Sat, 13 Dec 2008 07:15:31 +0800
    H??From: postmaster@baltrans.com
    H??To: MAILER-DAEMON@domain.org
    H??Date: Sat, 13 Dec 2008 07:15:31 +0800
    H??MIME-Version: 1.0
    H??Content-Type: multipart/report; report-type=delivery-status; boundary="9B095B5ADSN=_01C959207944EF9A0001962Amail.baltrans.in"
    H??X-DSNContext: 335a7efd - 4523 - 00000001 - 80040546
    H??Message-ID: <FKfDI1QQA00009abe@mail.baltrans.intranet>
    H??Subject: [WARNING - NOT VIRUS SCANNED] Delivery Status Notification (Failure)
    H??X-OriginalArrivalTime: 12 Dec 2008 23:15:31.0908 (UTC) FILETIME=[877F7840:01C95CAF]
    H??X-Brightmail-Tracker: AAAAAA==
    .
    [root@turtle mqueue.site]#

  2. #2
    If it is one particular originating mail server, just block tcp connections from that ip in your firewall.
    Someone else might come along and help you with the firewall rule.





    __________________█ server uptime monitor and alert service - basicstate.com█ MSNBC.COM - Site of the Week█ managed dns global failover and load balance - edgedirector.com

  3. #3
    marekc Guest
    Thanks for that.
    Just looking at the email I posted, do you(or anyone) know what is going on? we have thousands of emails in /var/spool/mqueue.site

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •