Re: Question on Blocking an ISP.

["Chris S" <chris () jynx net>]

I use Qmail, so i tried using @aol.com in my badmailfrom, but badmail doesnt 
seem to look deep enough into the headers. 

These virus that are sent to me and many others on my server are spoofing 
other peoples address books, so the from: is not aol. 

Maybe theres another plugin out there for qmail that will check deeply into 
the headers.  This is my next option. 



Rick Darsey writes: 

> Do the email servers all have aol.com in them. If so, and if your firewall
> can resolve DNS, you should be able to block them aol.com domain. Of course,
> this will block all traffic, but that seems to be what you are after. 
>
> Rick 
>
> -----Original Message-----
> From: Chris [mailto:chris () jynx net]
> Sent: Saturday, November 30, 2002 3:21 AM
> To: security-basics () securityfocus com
> Subject: Question on Blocking an ISP. 
>
>
> As of the last couple weeks, from 1 aol users i have gotten over 1000+ virus
> emails.
> These emails are your tipical freescreensaver virus that has been going
> around for years now. It seems this person has an affected system.  This is
> not really my question or concern. 
>
> I have been scanning though all the headers getting the proxy email servers
> aol uses, but it seems like a endless list. LOL. 
>
> I'm blocking these ips though IPchains, but i really would like to know how
> to get every class owned by aol so i can block them all. 
>
> Receiving mail from aol is no big thing to me, considering 99.9% of the time
> is junk or spam. 
>
> Is there some way to whois arin on a nic handle to get all the classes? 
>
> Thank you.
> -chris 



Chris S.
www.jynx.net
chris () jynx net