PureMessage for UNIX: Enable MTA IP Blocking

  • Article ID: 33576
  • Updated: 12 Mar 2014


Issue

This article describes how to enable MTA IP Blocking for PureMessage for UNIX. This service allows you to block IP addresses with a bad reputation at the connection level.

First seen in

PureMessage for Unix

 

What To Do

The PureMessage Blocklist is not enabled by default on new installations of the product and must be enabled to allow blocking at the MTA level.

Enable IP Blocking data

To enable the IP blocklist data, run the following command as the pmx user:
$ pmx-blocklist --enable

Turn IP blocking ON

Via the PureMessage Manager UI, turn on IP blocking:

  1. Log in to PureMessage Manager
  2. Go to 'Local Services > MTA IP Blocking'
  3. Select the 'Enable' option

Verifying IP blocker is enabled

To verify that the IP blocker service is running, run the following command:
$ pmx-service status blockerd

When IP blocker has been turned on, the following configuration is added to the Postfix main.cf file:
smtpd_client_restrictions = ignore_policy_error,check_policy_service inet:[127.0.0.1]:4466

Verifying IP blocker is working

When IP blocker is working, the following log file will be created:
/opt/pmx/var/log/blocklist_log

This log file will show when connections are accepted or rejected based on IP blocking data.  For example:

"55.55.55.55 OK" for a connection that was accepted.
"55.55.55.54 REJECT" for an IP address that was listed as a spam source or compromised host.
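
The two verification steps above can be scripted. The following is an added example, not part of the original article or of PureMessage: it checks that the effective smtpd_client_restrictions value in a given main.cf still contains the policy service entry, and summarises the verdicts in blocklist_log. The function names are hypothetical, and the log parsing assumes each entry contains an IPv4 address directly followed by OK or REJECT, as in the samples above.

```shell
#!/bin/sh
# Added example: scripted form of the main.cf and blocklist_log checks.

# Print the effective smtpd_client_restrictions value from a main.cf file.
# Postfix treats lines starting with whitespace as continuations, skips
# comments and blank lines, and lets the last definition of a parameter win.
effective_restrictions() {
    awk '/^[ \t]*#/ || /^[ \t]*$/ { next }
         /^[ \t]/ { if (cur) val = val " " $0; next }
         { cur = 0 }
         /^smtpd_client_restrictions[ \t]*=/ {
             cur = 1; val = $0; sub(/^[^=]*=/, "", val) }
         END { gsub(/[ \t,]+/, " ", val); print " " val " " }' "$1"
}

# Succeed only if the policy service entry from the article is in that value.
blocker_configured() {
    effective_restrictions "$1" |
        grep -q -F ' check_policy_service inet:[127.0.0.1]:4466 '
}

# Emit "ip verdict" pairs from a blocklist_log file (assumed format: an IPv4
# address directly followed by OK or REJECT; other fields are ignored).
entries() {
    awk '{ for (i = 1; i < NF; i++)
             if ($i ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && $(i+1) ~ /^(OK|REJECT)$/) {
                 print $i, $(i+1); break } }' "$1"
}

# Print "accepted=N rejected=M" for the log file.
verdict_counts() {
    entries "$1" | awk '$2 == "OK" { ok++ } $2 == "REJECT" { rej++ }
        END { printf "accepted=%d rejected=%d\n", ok, rej }'
}

# Print the most frequently rejected addresses as "count ip" (default top 5).
top_rejected() {
    entries "$1" | awk '$2 == "REJECT" { n[$1]++ }
        END { for (ip in n) print n[ip], ip }' |
        sort -k1,1nr -k2,2 | head -n "${2:-5}"
}

# Usage: sh check.sh <path to main.cf> <path to blocklist_log>
if [ "$#" -eq 2 ]; then
    if blocker_configured "$1"; then echo "policy service: configured"
    else echo "policy service: MISSING from smtpd_client_restrictions"; fi
    verdict_counts "$2"
    top_rejected "$2"
fi
```

A "MISSING" result after IP blocking was turned on usually means a later smtpd_client_restrictions line in main.cf has overridden the one shown above, which is why the script evaluates the last definition rather than searching for the string.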

Further Information

For more information on configuring IP blocker, see the following sophos.com article:
PureMessage for UNIX: Enabling Sender Genotype for IP Blocker





 
If you need more information or guidance, then please contact technical support.
