> I have started my own IP blacklist (to block incoming mail viruses and
> trojans) but soon ran into the 10 objects limit in the GNATBox address
> objects list. How do you overcome this?

Nesting. Create groups within groups.

> Is anyone running its own DNS based blacklist? Is this easy to set up? Any
> online guides?

It's very easy to set up, especially if you've already got a DNS server handy.
Basically, you just make A records that return 127.0.0.2 for the IP addresses
you want to block. For example, suppose you wanted to make your list run on
blacklist.zeelandnet.nl, and you want to block these IP addresses:

    1.2.3.4
    2.3.4.5
    3.4.5.6

For each address, create a FQDN by reversing the octets and adding your chosen
suffix:

    4.3.2.1.blacklist.zeelandnet.nl
    5.4.3.2.blacklist.zeelandnet.nl
    6.5.4.3.blacklist.zeelandnet.nl

Now, in your DNS configuration, make A records for those domain names that
return 127.0.0.2. For BIND, that might look something like:

; trailing dot = fully qualified, so BIND does not append the zone origin again
4.3.2.1.blacklist.zeelandnet.nl. IN A 127.0.0.2
5.4.3.2.blacklist.zeelandnet.nl. IN A 127.0.0.2
6.5.4.3.blacklist.zeelandnet.nl. IN A 127.0.0.2

If you want the GNATBox proxy to return a custom error message to the blocked
servers, add a TXT record:

; an indented line reuses the owner name of the record above it
4.3.2.1.blacklist.zeelandnet.nl. IN A   127.0.0.2
                                 IN TXT "Send your spam elsewhere"
5.4.3.2.blacklist.zeelandnet.nl. IN A   127.0.0.2
                                 IN TXT "No spam allowed"
6.5.4.3.blacklist.zeelandnet.nl. IN A   127.0.0.2
                                 IN TXT "Connection denied"

Once you've verified the DNS configuration is correct, just edit the GNATBox
configuration, and set blacklist.zeelandnet.nl as one of your four allowed
lists.
--
Alex Howansky
Wankwood Associates
http://www.wankwood.com/
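
The record layout described in the message above, as an added example that is not part of the original message: a generator that turns (address, reason) pairs into zone-file lines, rejecting malformed addresses and skipping duplicates. The function names and the sample reasons list are assumptions made for illustration; the zone suffix and 127.0.0.2 come from the message.

```python
import ipaddress

ZONE = "blacklist.zeelandnet.nl"   # suffix used in the message above
LISTED = "127.0.0.2"               # A record value that marks an address as listed

def dnsbl_name(ip, zone=ZONE):
    """Return the lookup name for an IPv4 address: reversed octets + zone."""
    addr = ipaddress.IPv4Address(ip)           # raises ValueError on bad input
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def txt_rdata(reason):
    """Quote a TXT string for a zone file (escape backslash and quote)."""
    if len(reason.encode()) > 255:
        raise ValueError("a single TXT string is limited to 255 bytes")
    return '"' + reason.replace("\\", "\\\\").replace('"', '\\"') + '"'

def zone_records(entries, zone=ZONE):
    """Build zone-file lines from (ip, reason) pairs; reason may be None."""
    lines, seen = [], set()
    for ip, reason in entries:
        owner = dnsbl_name(ip, zone) + "."     # trailing dot: fully qualified
        if owner in seen:                      # keep the first entry per address
            continue
        seen.add(owner)
        lines.append(f"{owner} IN A {LISTED}")
        if reason:
            lines.append(f"{owner} IN TXT {txt_rdata(reason)}")
    return lines

def is_listed(ip, lines, zone=ZONE):
    """Offline check: do the generated lines hold an A record for this ip?"""
    return f"{dnsbl_name(ip, zone)}. IN A {LISTED}" in lines

# Constructed sample input, using the addresses from the message.
SAMPLE = [("1.2.3.4", "Send your spam elsewhere"),
          ("2.3.4.5", "No spam allowed"),
          ("3.4.5.6", None),
          ("1.2.3.4", "duplicate, ignored")]

if __name__ == "__main__":
    print("\n".join(zone_records(SAMPLE)))
```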