Re: [CentOS] spam control (by the way)




Gavin Carr wrote:
On Sun, Oct 29, 2006 at 10:42:06PM -0500, Mark Weaver wrote:
Mark Weaver wrote:
Bill Church wrote:
If you have the luxury of blocking IPs based on countries or regions,
that helps as well but not everyone can do this.

-Bill
That in a nutshell is but one layer of a multi-layer approach that I've been using for the past two years. At present I may get a grand total of 2 SPAMs per week; sometimes less than that, but that's the average.

layer #1: RBLs configured in the MTA - Sendmail
layer #2: SpamAssassin (score set to 3 and known or trusted addresses
         white-listed)
layer #3: iptables rules and a technique known as geo-blocking.

The third layer, iptables and geo-blocking REALLY make a huge difference. It's taken about a year and some digging, but I've got a very good foundation ruleset that works extremely well. And personally I don't consider blocking on countries or regions to be a luxury, but rather a necessity. Anyone can do it and should if they're running a mail server that is accepting direct SMTP connections.

Since my mail server is already behind a router the rule set is very simple, but extremely effective and very portable.

Thought I'd send this along as well. It's a small Perl script that will make batch processing spammers' IP addresses a little easier and faster. It isn't pretty or much past beta, but it gets the job done.

The script does a whois lookup on the IP address, grabs the IP range and writes a rule which gets put into the "chains" file. Once it's processed all the addresses it writes out the file afresh. At that point just run the chains file from wherever you've placed it. (At the moment it has trouble processing whois information when ARIN redirects to some sort of sub-whois server. And you have to watch when it does a whois lookup on a LACNIC address because they display their IP range information much differently than APNIC or RIPE, so some hand editing after the batch processing may need done. YMMV) Like I said... it's still beta.

There are also a bunch of CPAN Perl modules that can be used for this,
e.g. Geo::IP, Geo::IP2Location, Geo::IPfree, etc.

Cheers,
Gavin


--
Gavin Carr

Hi Gavin,

Those are pretty cool... thanks for the heads up, I was unaware of them, but they appear to be specifically for gathering geographical data which a webmaster would use and have nothing to do with geo-blocking of spam.

--
Mark

"If you have found a very wise man, then you've found
a man that at one time was an idiot and lived long enough
to learn from his own stupidity."
==============================================
Powered by CentOS4 (RHEL4)
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
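
The whois-to-rule step described in the message above, as an added example that is not part of the original thread and is not Mark's Perl script. It is written in Python and assumes the three range notations the message alludes to ("start - end" on ARIN `NetRange:` and RIPE/APNIC `inetnum:` lines, an abbreviated prefix on LACNIC `inetnum:` lines) plus an ARIN `ReferralServer:` line for the redirect case; the whois excerpts are constructed from documentation address space, and the iptables rule layout (chain `INPUT`, TCP port 25) is an assumption.

```python
import ipaddress
import re

# Constructed whois excerpts, one per registry style (not real lookups).
SAMPLES = {
    "arin": "NetRange:       192.0.2.0 - 192.0.2.255\nCIDR:           192.0.2.0/24\n",
    "ripe_apnic": "inetnum:        198.51.100.0 - 198.51.100.191\nnetname:        EXAMPLE\n",
    "lacnic": "inetnum:     203.0.113/24\nstatus:      allocated\n",
    "arin_referral": "NetRange:       203.0.0.0 - 203.255.255.255\n"
                     "ReferralServer: whois://whois.example.net\n",
}

RANGE_RE = re.compile(
    r"^(?:NetRange|inetnum):[ \t]*(\S+)(?:[ \t]*-[ \t]*(\S+))?[ \t]*$", re.I | re.M)

def whois_to_cidrs(text):
    """Return the networks that exactly cover the first range in a whois reply."""
    if re.search(r"^ReferralServer:", text, re.I | re.M):
        # The range shown is the parent block; blocking it would be far too broad.
        raise ValueError("referral: query the referred whois server instead")
    m = RANGE_RE.search(text)
    if not m:
        raise ValueError("no NetRange/inetnum line found")
    first, last = m.group(1), m.group(2)
    if last:  # "start - end" form; may need several CIDR blocks to cover it
        return list(ipaddress.summarize_address_range(
            ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)))
    # Prefix form; pad abbreviated octets such as "203.0.113/24"
    addr, _, plen = first.partition("/")
    octets = addr.split(".")
    addr = ".".join(octets + ["0"] * (4 - len(octets)))
    return [ipaddress.IPv4Network(f"{addr}/{plen}", strict=True)]

def drop_rules(text, chain="INPUT", port=25):
    """Render one iptables DROP rule per network for inbound SMTP."""
    return [f"iptables -A {chain} -s {net} -p tcp --dport {port} -j DROP"
            for net in whois_to_cidrs(text)]

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        try:
            print(name, drop_rules(text))
        except ValueError as err:
            print(name, "needs manual review:", err)
```

Replies that raise `ValueError` are the ones to hand-check instead of writing into the rules file.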
