simple block ip rule not working
I'm getting slammed by spammers and am trying to block their ip with a simple rule that should be a no-brainer.. but it's not showing up as a block even in the event log. What am I doing wrong? Please see attached screen shots.
Thanks
You need to hit the "LOG" check box to see it in the event log.
ok. I did that, but it's still not blocking or logging. I'm watching the mailq on my server fill up with 100s of spams from this ip and it's not blocking.. What do you advise I do?
Try to make the rule more specific.
Change Src interface to External.
Have you any custom packet filter?
Ok. just tried that and still no cigar. See attached screen shot. When you say 'packet filter'.. I don't believe so.. other than what you see in my firewall rule set.
not using any custom packet filters.
see also my port forwards
See attached
Thanks WebFool.. I figured it out. I had a rule in there that was passing everything just to log all traffic.. oops :-) Now I feel dumb
WebFool,
it sure would be nice to have some way to detect a lot of smtp traffic and block those ip's. Is there such a way to configure untangle to do that? We only have 6 users here and so we don't have a lot of mail traffic. I would think that there would be a way to do that and automate blocking ip's of spammers. Otherwise, I'm just going to have to continue to watch logs and notice lots of traffic and block ip's manually.
Thanks
I'll just ask that question in another thread. Thanks again
Do you have enable Tarpitting option in the anti spam settings?
The world is divided into 10 kinds of people, who know binary and those not
Posting Permissions
LinkBack URL
About LinkBacks