Results 1 to 3 of 3
Thread: How to block a mail server
-
12-12-2008, 11:43 PM #1marekc Guest
How to block a mail server
Hi there
Our server is currently getting flooded with a lot of emails..
How do I block all emails originating from a server? we are using procmail
Here is a sample email from the mqueue.site directory
[root@turtle mqueue.site]# cat qfmBD3dg4o022410
V6
T1229139582
K1229139582
N1
P332901
I8/3/9422258
Mbos... mime8to7: multipart nesting boundary too deep
Fbs
$_root@localhost
$rESMTP
$sturtle.domain.org
${daemon_flags}c u
S<postmaster@baltrans.com>
MDeferred: local mailer (/usr/bin/procmail) exited with EX_TEMPFAIL
Cbos:503:503:root
rRFC822; MAILER-DAEMON@domain.org
RPFDA:bos
H?P?Return-Path: <g>
H??Received: from turtle.domain.org (root@localhost)
by domain.org (8.12.11/8.12.11) with ESMTP id mBD3dg4o022410
for <MAILER-DAEMON@domain.org>; Sat, 13 Dec 2008 14:39:42 +1100
H??X-ClientAddr: 203.198.61.134
H??Received: from mg1.baltrans.com (ipvpn014134.netvigator.com [203.198.61.134])
by turtle.domain.org (8.12.11/8.12.11) with ESMTP id mBD3dE17022098
for <MAILER-DAEMON@domain.org>; Sat, 13 Dec 2008 14:39:15 +1100
H??Received: from mg1.baltrans.com (unknown [127.0.0.1])
by mg1.baltrans.com (Symantec Mail Security) with ESMTP id 20D0F52801B
for <MAILER-DAEMON@domain.org>; Sat, 13 Dec 2008 11:13:27 +0800 (HKT)
H??Received: from mg1.baltrans.com (unknown [127.0.0.1]) by mg1.baltrans.com (Symantec Mail Security) with ESMTP id 23BAA52805A for <MAILER-DAEMON@domain.org>; Sat, 13 Dec 2008 07:14:53 +0800 (HKT)
H??X-AuditID: cbc63d85-acf68bb000007279-2b-4942f065b546
H??Received: from balsvr03.baltrans.intranet (balsvr03.baltrans.intranet [172.16.8.22]) by mg1.baltrans.com (Symantec Mail Security) with ESMTP id E8E154E4007 for <MAILER-DAEMON@domain.org>; Sat, 13 Dec 2008 07:14:45 +0800 (HKT)
H??Received: from mail.baltrans.intranet ([203.198.61.150]) by balsvr03.baltrans.intranet with Microsoft SMTPSVC(6.0.3790.3959); Sat, 13 Dec 2008 07:15:31 +0800
H??From: postmaster@baltrans.com
H??To: MAILER-DAEMON@domain.org
H??Date: Sat, 13 Dec 2008 07:15:31 +0800
H??MIME-Version: 1.0
H??Content-Type: multipart/report; report-type=delivery-status; boundary="9B095B5ADSN=_01C959207944EF9A0001962Amail.baltrans.in"
H??X-DSNContext: 335a7efd - 4523 - 00000001 - 80040546
H??Message-ID: <FKfDI1QQA00009abe@mail.baltrans.intranet>
H??Subject: [WARNING - NOT VIRUS SCANNED] Delivery Status Notification (Failure)
H??X-OriginalArrivalTime: 12 Dec 2008 23:15:31.0908 (UTC) FILETIME=[877F7840:01C95CAF]
H??X-Brightmail-Tracker: AAAAAA==
.
[root@turtle mqueue.site]#
-
12-13-2008, 12:38 AM #2******* Unleaded
- Join Date
- Feb 2004
- Posts
- 3,849
If it is one particular originating mail server, just block tcp connections from that ip in your firewall.
Someone else might come along and help you with the firewall rule.
__________________â server uptime monitor and alert service - basicstate.comâ MSNBC.COM - Site of the Weekâ managed dns global failover and load balance - edgedirector.com
-
12-13-2008, 02:41 AM #3marekc Guest
Thanks for that.
Just looking at the email I posted, do you(or anyone) know what is going on? we have thousands of emails in /var/spool/mqueue.site