Hi Gilles

Therefore in my case I can remove the “reject” statement and let the packet filter block the IP. I don’t want the offending IP to even reach the mail server.

Thanks for the clarification.

> On 28 Sep 2018, at 7:25 pm, Gilles Chehade <gil...@poolp.org> wrote:
>
>> On Fri, Sep 28, 2018 at 09:14:17AM +0000, Antonino Sidoti wrote:
>> Hi Peter
>>
>
> Hi,
>
>> I am using spamd.
>>
>> So the “reject” statement still logs the connection as seen in the log
>> sample I provided. I was expecting to see a different log entry along the
>> lines of “source IP rejected”. The log information gives me the
>> impression that the “reject” is not working.
>>
>> Happy to configure a table in “pf.conf” and block the IP that way.
>> But then what is the point of the “reject” in the smtpd.conf?
>>
>
> The ruleset within smtpd only cares about envelopes.
>
> It doesn't accept or reject clients, it accepts or rejects envelopes so they
> do or do not enter the queue for delivery.
>
> Gilles
>
>>>> On 28 Sep 2018, at 6:56 pm, Peter N. M. Hansteen <pe...@bsdly.net> wrote:
>>>>
>>>> On Fri, Sep 28, 2018 at 08:30:55AM +0000, Antonino Sidoti wrote:
>>>> table shithole file:/etc/mail/blacklist
>>>>
>>>> The file “blacklist” contains the IP addresses that I wish to block,
>>>> one per line. I also have added a reject statement to my “smtpd.conf”
>>>> like so;
>>>>
>>>> reject from source <shithole> for any
>>>>
>>>> What I notice is that it does not block the IP address and it continues to
>>>> attempt a connection to the mail server. The IP address in question is
>>>> showing up in “/var/log/maillog” like so;
>>>>
>>>> Sep 28 18:22:12 obsd-svr3 smtpd[68949]: b6ab24ef369520cc smtp
>>>> event=failed-command address=185.xxx.xxx.254 host=185.xxx.xxx.254
>>>> command="AUTH LOGIN" result="503 5.5.1 Invalid command: Command not
>>>> supported"
>>>>
>>>> Any idea why the reject statement does not work?
>>>
>>> Well, the mail does get rejected, doesn't it?
>>>
>>> it's possible that a simple pf.conf with a table you block from, fed from
>>> the file you already have would be the solution
>>> you're looking for. Perhaps supplemented with a spamd(8) setup.
>>>
>>> a couple of writeups of mine that you might find useful:
>>>
>>> https://bsdly.blogspot.com/2017/04/forcing-password-gropers-through.html
>>> https://bsdly.blogspot.com/2013/05/keep-smiling-waste-spammers-time.html
>>>
>>> It's also possible that the enumerated badness from
>>> https://bsdly.blogspot.com/2018/08/badness-enumerated-by-robots.html could
>>> usefully supplement your data sources.
>>>
>>> All the best,
>>> Peter
>>>
>>> --
>>> Peter N. M. Hansteen, member of the first RFC 1149 implementation team
>>> http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
>>> "Remember to set the evil bit on all malicious network traffic"
>>> delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
>
> --
> Gilles Chehade
>
> https://www.poolp.org @poolpOrg
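
The approach the thread converges on, as an added example that is not part of any poster's message: smtpd's `reject` only refuses envelopes, so the connection-level block goes into a pf table fed from the same one-address-per-line file, and the failed `AUTH` events in the maillog can supply entries for that file. The function names, the threshold argument, the `egress` interface group and the log lines (documentation addresses) are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread.
#
# pf.conf side (assumes the default "egress" interface group):
#   table <shithole> persist file "/etc/mail/blacklist"
#   block drop in quick on egress proto tcp from <shithole> to any port smtp
# After the file changes, refresh the table without reloading the ruleset:
#   pfctl -t shithole -T replace -f /etc/mail/blacklist

# auth_offenders MIN
# Reads smtpd log lines on stdin and prints, one per line and sorted, every
# client address with at least MIN failed AUTH commands. Only values that
# look like an IPv4/IPv6 literal are accepted, so a malformed log field can
# never end up in the file that pf loads.
auth_offenders() {
    awk -v min="$1" '
        / smtp event=failed-command / && /command="AUTH/ {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^address=[0-9a-fA-F:.]+$/)
                    n[substr($i, 9)]++      # strip the "address=" prefix
        }
        END { for (a in n) if (n[a] >= min) print a }
    ' | sort
}

# Constructed sample input in the maillog format quoted in the thread.
sample_log() {
    cat <<'EOF'
Sep 28 18:22:12 mx smtpd[101]: 0000000000000001 smtp event=failed-command address=192.0.2.10 host=192.0.2.10 command="AUTH LOGIN" result="503 5.5.1 Invalid command: Command not supported"
Sep 28 18:22:40 mx smtpd[101]: 0000000000000002 smtp event=failed-command address=192.0.2.10 host=192.0.2.10 command="AUTH LOGIN" result="503 5.5.1 Invalid command: Command not supported"
Sep 28 18:23:01 mx smtpd[101]: 0000000000000003 smtp event=failed-command address=198.51.100.7 host=198.51.100.7 command="AUTH PLAIN" result="503 5.5.1 Invalid command: Command not supported"
Sep 28 18:23:30 mx smtpd[101]: 0000000000000004 smtp event=failed-command address=203.0.113.5 host=203.0.113.5 command="VRFY root" result="500 5.5.1 Invalid command: Command unrecognized"
Sep 28 18:24:02 mx smtpd[101]: 0000000000000005 smtp event=connected address=203.0.113.9 host=mail.example.org
EOF
}

# Stand-alone run: addresses with two or more failed AUTH attempts.
sample_log | auth_offenders 2
```

On a live system the output would be reviewed and merged into `/etc/mail/blacklist` before running the `pfctl` replace command shown in the comments.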