Hi Peter

I am using spamd. 

So the “reject” statement still logs the connection as seen in the log sample I 
provided. I was expecting to see a different log entry along the lines of 
“source IP rejected”. The log information gives me the impression that the 
‘reject’ is not working. 

Happy to configure a table in “pf.conf” and block the IP that way. 
But then what is the point of the “reject” in the smtpd.conf?

> On 28 Sep 2018, at 6:56 pm, Peter N. M. Hansteen <pe...@bsdly.net> wrote:
> 
>> On Fri, Sep 28, 2018 at 08:30:55AM +0000, Antonino Sidoti wrote:
>> table shithole file:/etc/mail/blacklist
>> 
>> The file ‘blacklist’ contains the IP addresses that I wish to block, one per 
>> line. I also have added a reject statement to my ‘smtpd.conf’ like so;
>> 
>> reject from source <shithole> for any
>> 
>> What I notice is that it does not block the IP address and it continues to 
>> attempt a connection to the mail server. The IP address in question is 
>> showing up in ‘/var/log/maillog’ like so;
>> 
>> Sep 28 18:22:12 obsd-svr3 smtpd[68949]: b6ab24ef369520cc smtp 
>> event=failed-command address=185.xxx.xxx.254 host=185.xxx.xxx.254 
>> command="AUTH LOGIN" result="503 5.5.1 Invalid command: Command not 
>> supported"
>> 
>> Any idea why the reject statement does not work? 
> 
> Well, the mail does get rejected, doesn't it?
> 
> It's possible that a simple pf.conf with a table you block from, fed from the 
> file you already have would be the solution you're looking for. Perhaps 
> supplemented with a spamd(8) setup.
> 
> a couple of writeups of mine that you might find useful:
> 
> https://bsdly.blogspot.com/2017/04/forcing-password-gropers-through.html
> https://bsdly.blogspot.com/2013/05/keep-smiling-waste-spammers-time.html
> 
> It's also possible that the enumerated badness from 
> https://bsdly.blogspot.com/2018/08/badness-enumerated-by-robots.html could 
> usefully supplement your data sources.
> 
> All the best,
> Peter
> 
> -- 
> Peter N. M. Hansteen, member of the first RFC 1149 implementation team
> http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
> "Remember to set the evil bit on all malicious network traffic"
> delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
> 
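Added example, not part of the original thread: a small Python sketch that reads smtpd `event=failed-command` entries like the one quoted above and lists the source addresses with repeated failed `AUTH` attempts that are not yet in the blocklist file, so they can be appended to the file that feeds a pf table. It assumes each entry is on one line in the real log; the function names, the threshold and the sample data are hypothetical.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the format of the maillog entry quoted in the thread
# (documentation-range addresses, made-up session ids).
_FMT = ('Sep 28 18:22:{s} obsd-svr3 smtpd[68949]: {sid} smtp event=failed-command '
        'address={ip} host={ip} command="{cmd}" '
        'result="503 5.5.1 Invalid command: Command not supported"')
SAMPLE_LOG = "\n".join([
    _FMT.format(s="12", sid="b6ab24ef369520c1", ip="203.0.113.254", cmd="AUTH LOGIN"),
    _FMT.format(s="14", sid="b6ab24ef369520c2", ip="203.0.113.254", cmd="AUTH LOGIN"),
    _FMT.format(s="17", sid="b6ab24ef369520c3", ip="203.0.113.254", cmd="AUTH PLAIN"),
    # The command text comes from the client; it must not influence the address.
    _FMT.format(s="20", sid="b6ab24ef369520c4", ip="198.51.100.7",
                cmd="AUTH address=192.0.2.99"),
    _FMT.format(s="25", sid="b6ab24ef369520c5", ip="192.0.2.10", cmd="HELP"),
])

# The address field is matched before the command field, so only the value
# written by smtpd itself is ever captured as the source.
LINE_RE = re.compile(
    r'smtpd\[\d+\]: \S+ smtp event=failed-command '
    r'address=(?P<address>\S+) host=\S+ command="(?P<command>[^"]*)"'
)

def failed_auth_sources(log_text, threshold=3):
    """Addresses with at least `threshold` failed AUTH commands."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or not m.group("command").upper().startswith("AUTH"):
            continue
        try:
            # Only well-formed addresses may end up in a table file.
            addr = str(ipaddress.ip_address(m.group("address")))
        except ValueError:
            continue
        counts[addr] += 1
    return sorted(a for a, n in counts.items() if n >= threshold)

def new_table_entries(log_text, blocklist_text, threshold=3):
    """Offending addresses not already listed (one per line, # comments ok)."""
    known = {l.strip() for l in blocklist_text.splitlines()
             if l.strip() and not l.lstrip().startswith("#")}
    return [a for a in failed_auth_sources(log_text, threshold) if a not in known]

if __name__ == "__main__":
    print("\n".join(new_table_entries(SAMPLE_LOG, "# already blocked\n")))
```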
