From: Jim Lohiser
To: "surgemail-list@netwin.co.nz" <surgemail-list@netwin.co.nz>
Subject: Re: [SurgeMail List] Deny Login From IP List
Date: Thu, 1 Nov 2018 18:02:30 +0000
Andy,
Thanks. That is what I have done for now. However, that still allows them to bang on authentication via SMTP.
Jim L
Hi Jim,
To block the logins you could block those IPs and subnets on your firewall (Local firewall on the box, iptables if running Linux, or hardware firewall in front of your server if you have one) from accessing your server on whatever port you are running your login page on (HTTPS?) but allow them to connect via SMTP.
Andy
Netwin,
I am trying to block logins from certain IP addresses and IP subnets but still allow those IP addresses to send email to users on our system (SMTP). You currently have g_deny, which blocks everything, and g_deny_smtp, which blocks only SMTP. I was looking for something like g_deny_login, but there does not appear to be a setting that currently meets our need. If this feature does not exist, I would like to add this as a feature request.
Also, while we are on the subject of IP lists, is it possible to insert comments into the line items, such as the example below? For all of the IP lists in SurgeMail, we sometimes struggle to remember why a particular IP address or block exists on a list. Being able to add comments to the entries would be very helpful.
10.0.0.0/24 # Hacking attempt 20181101
Thanks,
Jim Lohiser
N2Net
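
Added example, not part of the thread and not a SurgeMail feature: one way to keep a commented deny list in the "address # comment" form shown above and turn it into the firewall rules Andy describes, with the reason carried into each rule. The function names, the sample entries and the login port list are assumptions; port 25 is left out on purpose, so SMTP AUTH attempts on that port are not covered, as the reply at the top notes.

```python
import ipaddress
import shlex

# Assumption: ports where clients log in (HTTPS webmail, POP3/IMAP, submission).
# Port 25 is deliberately absent so the listed sources can still deliver mail.
LOGIN_PORTS = (443, 110, 143, 993, 995, 587, 465)

# Constructed sample list using the "address # comment" form from the post.
SAMPLE_LIST = """\
# login deny list
10.0.0.0/24 # Hacking attempt 20181101
192.0.2.77
2001:db8:bad::/48   # constructed IPv6 entry
10.0.0.300 # typo, must be rejected
"""

def parse_deny_list(text):
    """Return ([(network, comment)], [(line_no, raw_line)]) for good and bad entries."""
    entries, rejected = [], []
    for line_no, raw in enumerate(text.splitlines(), 1):
        value, _, comment = raw.partition("#")
        value, comment = value.strip(), comment.strip()
        if not value:
            continue  # blank or comment-only line
        try:
            # strict=True refuses entries with host bits set, e.g. 10.0.0.5/24
            entries.append((ipaddress.ip_network(value, strict=True), comment))
        except ValueError:
            rejected.append((line_no, raw.strip()))
    return entries, rejected

def login_block_rules(entries, ports=LOGIN_PORTS):
    """Build iptables/ip6tables DROP rules for the login ports only."""
    port_list = ",".join(str(p) for p in ports)
    rules = []
    for net, comment in entries:
        tool = "iptables" if net.version == 4 else "ip6tables"
        rule = [tool, "-A", "INPUT", "-s", str(net), "-p", "tcp",
                "-m", "multiport", "--dports", port_list]
        if comment:
            # Carry the list comment into the rule so a rule listing shows why it exists.
            rule += ["-m", "comment", "--comment", shlex.quote(comment[:255])]
        rules.append(" ".join(rule + ["-j", "DROP"]))
    return rules

if __name__ == "__main__":
    good, bad = parse_deny_list(SAMPLE_LIST)
    print("\n".join(login_block_rules(good)))
    for line_no, raw in bad:
        print(f"# rejected line {line_no}: {raw}")
```

The script only prints the rules; review the output and the rejected lines before loading anything into the firewall.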