Disallow an IP address from getting mail

Use this forum if you have installed hMailServer and want to ask a question related to a production release of hMailServer. Before posting, please read the troubleshooting guide. A large part of all reported issues are already described in detail here.
Post Reply
akerber00
New user
New user
Posts: 16
Joined: 2008-06-04 05:28

Disallow an IP address from getting mail

Post by akerber00 » 2008-06-17 00:36

I was reviewing my logs and have discovered a couple of attempts to break into my mail server. Is there any way to disable connections from specific IP's after a certain number of log in attempts? Or is there some better method to watch for and stop attempts after they have tried to break in a few times? I can permanently block the IP on my router, but no doubt the A$$ will attempt it again from another IP.

User avatar
SorenR
Senior user
Senior user
Posts: 4399
Joined: 2006-08-21 15:38
Location: Denmark

Re: Disallow an IP address from getting mail

Post by SorenR » 2008-06-17 02:14

Well... It's doable but not for the faint hearted :lol:

You need to extract the culprit from the logs (SMTP or AWSTATS) and use the source address with a tool from Microsoft called IPSECPOL...

http://technet.microsoft.com/en-us/libr ... 26948.aspx

Eg..

ipsecpol –w REG –p "Packet Filter" –r "All inbound traffic" -f 123.123.123.123+10.0.0.1 –n BLOCK

123.123.123.123 (culprit) is blocked access to 10.0.0.1 (local server) by using IPSEC Policy "Packet Filter" with rule "All inbound traffic"...

Now, to me this is still theory as I have not yet implemented it on my server. I'm still in the planning phase :lol:
It will require some wrapper code to manage retention periods and such to account for culprits "moving around" and not staying with the same IP address for long... Otherwise you will end up blocking the entire Internet in time.. :shock:

For reference this guy used the above theory to create a personal firewall for Windows 2000 (and XP) http://homepages.wmich.edu/~mchugha/w2kfirewall.htm
SørenR.

Algorithm (noun.)
Word used by programmers when they do not want to explain what they did.

Post Reply