I have a problem sender (a local TV station) that is bombarding us with legitimate messages to 3 different users, but one of these addresses is no longer active, resulting in them surpassing our Extreme PB levels. They are not responding to my emails to remove the bad address, so I'm looking for the best way to drop their connection ASAP. I added their IP to denySMTPConnectionsFrom but looking at the logs, you can see it run through a cycle of:
Add 25 to PB for Extreme Bad History - now 25 IP is found in denySMTPConnectionsFrom PB hits 11640, surpassing the Extreme limit of 150 The message is missing Message-ID Add 5 to PB for missing Message-ID - now at 30 (what happened to the 11640 a moment ago?) The message is missing From Connection times out Add 25 to PB for Extreme Bad History - now 25 NOW REPEATING... Mar-26-09 00:11:12 209.173.135.86 <[email protected]> MessageScore is now 25, after adding 25 (Extreme Bad History for 209.173.135.86) Mar-26-09 00:11:13 209.173.135.86 <[email protected]> found [email protected] in LDAP-cache Mar-26-09 00:11:13 [DenyIP] 209.173.135.86 <[email protected]> to: [email protected] [spam found] (blocked by denySMTPConnections or droplist'209.173.135.86') [Winter Storm Warning issued for metro Denver]; Mar-26-09 00:11:13 [Extreme] 209.173.135.86 <[email protected]> to: [email protected] [spam found] (score for 209.173.135.86 is 11640, surpassing extreme level of 150) [Winter Storm Warning issued for metro Denver]; Mar-26-09 00:11:13 [MsgID] 209.173.135.86 <[email protected]> to: [email protected] [scoring] (Message-ID missing) Mar-26-09 00:11:13 209.173.135.86 <[email protected]> to: [email protected] MessageScore is now 30, after adding 5 (Message-ID missing) Mar-26-09 00:11:13 [FromMissing] 209.173.135.86 <[email protected]> to: [email protected] [scoring] (From missing) Mar-26-09 00:11:13 209.173.135.86 <[email protected]> to: [email protected] MessageScore is now 80, after adding 50 (From missing) Mar-26-09 00:14:18 209.173.135.86 <[email protected]> to: [email protected] Connection idle for 180 secs - timeout Mar-26-09 00:14:18 209.173.135.86 <[email protected]> MessageScore is now 25, after adding 25 (Extreme Bad History for 209.173.135.86) Aside from the weird PB scores, can someone reveal the best way to drop a connection from a specific IP at the earliest possible moment? Thanks, Alex ------------------------------------------------------------------------------ _______________________________________________ Assp-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/assp-user
