Dear all,
My mail server received so many virus mails from IP 202.145.10.147, and after I looked at the gateway (Linux) using iptraf I see so much traffic from 202.145.10.147. After that I tried to block all traffic from 202.145.10.147 with the command:
# iptables -A INPUT -s 202.145.10.146 -j DROP
but I still receive all traffic from 202.145.10.146. Can anybody help me? That IP sends viruses to the mail server, more than 20 mails per minute.
Are the mail server and gateway two separate hosts? If yes, you need to add the rule to the FORWARD chain. A packet will go through the INPUT chain of the filter table only if its destination is the local host (the gateway in your case). If the packet is to be forwarded to another host, it will go only through the FORWARD chain of the filter table. In no circumstance are you going to see a packet going through both the INPUT and FORWARD chains of the filter table.
If the mail server is running on the gateway host, check the order of your rules. Are there any rules before the one you just added that would accept the packets from the "bad host"?
--
Aleksandar Milivojevic <amilivojevic@xxxxxx>    Pollard Banknote Limited
Systems Administrator                           1499 Buffalo Place
Tel: (204) 474-2323 ext 276                     Winnipeg, MB  R3T 1L7
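
Added example, not part of the original thread or either poster's message: a small Python model of the two points in the reply above (a packet is checked in INPUT or FORWARD, never both, and the first matching rule in that chain decides). It is a simplification that matches on source address only; the addresses, rulesets and function names are constructed for illustration.

```python
import ipaddress
import shlex

def parse_rules(ruleset):
    """Parse `iptables -S` style lines: '-P CHAIN POLICY', '-A CHAIN [-s SRC] -j TARGET'."""
    policies, chains = {}, {}
    for line in ruleset.strip().splitlines():
        tok = shlex.split(line)
        if tok[0] == "-P":
            policies[tok[1]] = tok[2]
        elif tok[0] == "-A":
            src = tok[tok.index("-s") + 1] if "-s" in tok else "0.0.0.0/0"
            net = ipaddress.ip_network(src, strict=False)
            chains.setdefault(tok[1], []).append((net, tok[tok.index("-j") + 1], line))
    return policies, chains

def filter_verdict(ruleset, src, dst, local_addrs):
    """Return (chain, verdict, deciding rule or 'policy') for one incoming packet."""
    policies, chains = parse_rules(ruleset)
    # Routing decision: local destination -> INPUT, anything else -> FORWARD, never both.
    chain = "INPUT" if dst in local_addrs else "FORWARD"
    for net, target, line in chains.get(chain, []):   # first matching rule wins
        if ipaddress.ip_address(src) in net:
            return chain, target, line
    # No rule matched: the chain policy applies (built-in default is ACCEPT).
    return chain, policies.get(chain, "ACCEPT"), "policy"

# Constructed addresses (documentation ranges), not taken from the thread.
GATEWAY, MAILSRV, BAD = "192.0.2.1", "192.0.2.25", "203.0.113.7"
# Case 1: DROP exists only in INPUT, but the mail server is a separate host.
INPUT_ONLY = """
-P INPUT ACCEPT
-P FORWARD ACCEPT
-A INPUT -s 203.0.113.7/32 -j DROP
"""
# Case 2: DROP appended with -A after an earlier rule that already accepts.
SHADOWED = """
-P FORWARD DROP
-A FORWARD -j ACCEPT
-A FORWARD -s 203.0.113.7/32 -j DROP
"""
# Case 3: same rules with the DROP first (what `iptables -I FORWARD 1 ...` yields).
DROP_FIRST = """
-P FORWARD DROP
-A FORWARD -s 203.0.113.7/32 -j DROP
-A FORWARD -j ACCEPT
"""
if __name__ == "__main__":
    for name, rs in [("INPUT_ONLY", INPUT_ONLY), ("SHADOWED", SHADOWED), ("DROP_FIRST", DROP_FIRST)]:
        print(name, filter_verdict(rs, BAD, MAILSRV, {GATEWAY}))
```

On a real gateway, `iptables -L FORWARD -n -v --line-numbers` shows the rule order and per-rule packet counters, which tells you which rule is actually matching the traffic.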