Blocking Malicious IP Senders

Discuss the Scalix Server software
stefano
Posts: 51
Joined: Wed Aug 23, 2006 4:35 am
Location: Italia

Blocking Malicious IP Senders

Postby stefano » Thu Dec 19, 2013 3:32 am

Hey guys,

i see in SMTP.log there are different IPs (maliciuos senders) that can try to attack my Scalix server by brute force.
i inserted in last line in SMTP.cfg : SUBMIT log_reject DNSBL,bl.spamcop.net,ALL
but attacks go on.
Have you any hints to protect my server ?

thank you
Stefano

BaldBoy
Posts: 141
Joined: Fri May 19, 2006 12:45 pm

Re: Blocking Malicious IP Senders

Postby BaldBoy » Thu Dec 19, 2013 5:36 am

Hi Stefano,
I think the best option is not to look inside Scalix's functionalities. DSBL's blocking only drops connection *after* it has been established therefore causing Scalix an extra work.
In my opinion I would set up a rule on the firewall to block specific addresses.
Another option I often use is to put ASSP in front of Scalix and let ASSP do the job of blocking malicious IP's (harvesters, DDOS etc).

SidebandSamurai
Posts: 236
Joined: Sun Jan 08, 2006 10:57 pm

Re: Blocking Malicious IP Senders

Postby SidebandSamurai » Thu Jan 30, 2014 2:48 pm

My experience has been to "Outsource" the problem. I use MailRoute and have all incoming port 25 ports blocked except from those coming from MailRoute. This way if a spammer does have my IP address it does them no good. Mailroute accepts all of my mail, scrubs it clean and sends me only the clean mail. No spam, no virus laden email, no having to worry about updates, Installs going bad. Nothing like that. I have been really happy with the service.

I don't know how many users you have, but the cost is fairly inexpensive.

The second solution would be to set up a seperate antivirus server and pass the clean mail to Scalix. With this solution you don't get the benefit of just blocking everything except the IP address range for MailRoute but its better than having the mail server handle everything at once.

You can visit them at MailRoute.net

Glad to see that Scalix is back online. I was sad to move on but I needed to.

Sincerley,

Sideband Samurai

lowenpariedu
Posts: 1
Joined: Mon Apr 07, 2014 10:09 am

Re: Blocking Malicious IP Senders

Postby lowenpariedu » Mon Apr 07, 2014 1:48 pm

I realize this thread is a bit old.....

Anyway, I have my server set up with postfix handling incoming on 25 and doing the DNSBL, FCrDNS, etc with Amavisd doing the anti-spam and anti-virus tasks; postfix then hands it off to the scalix smtpd. Performance has thus far been very good.

I used the instructions found in the Scalix Wiki at http://www.scalix.com/wiki/index.php?title=HowTos/Complete_Postfix (along with reading through the other howtos about MTA integration and the older postfix howto as well).

For certain egregious offenders (typically whole blocks of IP addresses) I have a deny line for each in my incoming router's ingress ACL.

alinamike
Posts: 1
Joined: Fri Jan 02, 2015 3:40 pm

Re: Blocking Malicious IP Senders

Postby alinamike » Fri Jan 02, 2015 3:44 pm

I'm trying to troubleshoot email traffic on my Scalix server. I recently installed Scalix 12 to replace my aging Suse OpenXchg 4 server?
alina

ScalixSupport
Scalix
Scalix
Posts: 5486
Joined: Thu Mar 25, 2004 8:15 pm

Re: Blocking Malicious IP Senders

Postby ScalixSupport » Mon Dec 28, 2015 5:16 am

Hello,

You may use Scalix AntiSpam and ZeroHour AntiVirus (optional license), These add-on product modules for Scalix Enterprise Edition and Scalix Small Business Edition provide for world-class Junkmail and Malware protection powered by Commtouch's patented RPD technology.

Regards,
Scalix Support Team.


Return to “Scalix Server”



Who is online

Users browsing this forum: No registered users and 1 guest

cron