RE: [Declude.JunkMail] Stop one IP address

[John Tolmachoff \(Lists\)]

Title: Message

I would also put that list OFF of the Imail server. Maybe a IIS server or something.   John Tolmachoff Engineer/Consultant/Owner eServices For You   -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Goran Jovanovic Sent: Monday, September 27, 2004 4:10 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Stop one IP address   I did not think that if I was simply the MX record for the domain that I would get blacklisted. I thought that it would be the broadcast e-mail service provider.   The flood of NDRs certainly puts a strain on our server and while it seems that I was able to keep up with it today I am told that this list is going to grow from the 20-30 thousand e-mails that are on it today to over 200,000 e-mails. This list is something that people sign up for but there is no verification of their e-mail address so they can type in anything they want (or make a legitimate typo).   I think I am going to have a stronger word with them about this and tell them that they must clean up their act.   Thanx to all for the info          Goran Jovanovic      The LAN Shoppe     From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kevin Bilbee Sent: Monday, September 27, 2004 2:52 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Stop one IP address   This is one of your customers saying they do not care. I would boot them for abusing your servers or at least charge them for the headaches. If they continue you will end up on black lists for continually sending to non existent email addresses. You may think that because the emails are not being sent from your server that you will not be bleck listed but there are lists out there that will black list you because the NDRs are being delivered to your server.   We are on AT&T and had a customer doing just this. We told them to stop or we would terminate there service, we did this after AT&T theratened to terminate our service after they received complaints to their abuse address. The source of the email was not our server but they used an email on our server for the NDRs.       Kevin Bilbee     -----Original Message----- From: Goran Jovanovic [mailto:[EMAIL PROTECTED]On Behalf Of Goran Jovanovic Sent: Monday, September 27, 2004 11:31 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Stop one IP address Andrew,   According to the IMail manual you can only put e-mail addresses into the KILL.LST file. It does not say anything about IPs.   I have told them that they need to clean up their lists but they say that it is too much trouble and they don't care.   Matt - do you have the name of that product that collects NDRs and cleans the list?   Thanx Goran   From: [EMAIL PROTECTED] on behalf of Colbeck, Andrew Sent: Mon 9/27/2004 1:56 PM To: '[EMAIL PROTECTED]' Subject: RE: [Declude.JunkMail] Stop one IP address You can hide the problem by going into your IMail configuration under SMTP, then the SMTP Security tab and adding the IP address to the IMail Kill File.  When IMail sees a connection from that IP, it drops it, without returning an error to the sender, and without logging the action in your sysMMDD.txt file.   I say that this is hiding the problem, because it doesn't address the problem directly, and you won't have any idea how many times they're retrying.  Because the connection is just dropped, they should try again, and will.  Whether that is more of an impact than "swallowing them" like you're doing now is up to you!   Another sneaky way of dropping the traffic is to disallow routing entirely, right there on your server.   route add -p 1.1.1.1 mask 255.255.255.255 127.0.0.1   replace the 1.1.1.1 with the address of the bad host.   Andrew 8) -----Original Message----- From: Goran Jovanovic [mailto:[EMAIL PROTECTED] Sent: Monday, September 27, 2004 9:59 AM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Stop one IP address Hi,   From what I can see the imail kill.lst works on the MAIL FROM recipient. I am looking for a way to specifically disallow one IP address. The reason I need to do the IP is because the sender is NULL. The messages are bounce backs from an e-mail campaign of one of the domains that I forward (you know all the messages email address is no longer valid etc etc).   This domain uses a service somewhere out there and gives them a list. Unfortunately they do not clean or verify the list at all so a lot of bouncebacks. They will do a broadcast to 25-30 thousand and I will see a 2000 to 3000 incoming e-mail spike in an hour or 2.   As a temporary measure I have whitelisted the IP so that I do not spend as much processing time but I would really like to kill the connection as it comes in so I so not have to process much of it.   Any other thoughts on what I can do?   Thanx            Goran Jovanovic      The LAN Shoppe

<<image001.gif>>