On Fri, 15 Feb 2002, Dennis wrote:
> You block 203 as in 203.x.x.x ?
>
> That consists mostly of assigned ip addresses in Australia, you are
> effectively blocking an entire country.
Yup. As well as Indonesia, and most of Taiwan. The bounce message contains
a URL where the sender can go and request that they not be blocked if
indeed they are legit.
After tracking SPAM for years, more than 70% of the SPAM hitting my
servers originates from those Class As. Like I said when I originally posted, is
that caution should be used and maillogs checked.
I check my maillogs daily, my "users" are aware of the restrictions as
well as notifying me of a mailserver in any of those subnets that may need
to be permissioned to send mail. (My users are well behaved and clueful)
The bulk of the offending machines in those subnets have been Windows
NT/2000 servers that are misconfigured as open relays. I am down from an
average of 30 pieces of SPAM per day per domain (6 of them) to less than 4
on average.
The little bit of extra work is well worth it. Less viruses, less annoyed
users, less offensive stuff in general.
And as a side note, I also watch the log where the URL to be "unblocked"
is. In the last 4 months, only one person has gone there to request it.
None of the others have ever even visited the page. So, for my network and
users, this seems to be working out OK.
> > 202
> > 203
> > 210
> > 211
> >
> > But again, be careful if you add these....especially if you receive
> mail
> > from any APNIC or RIPE based addresses.
> >
>
> ------------------------------------------------------------------------
> To unsubscribe email security-discuss-request@linuxsecurity.com
> with "unsubscribe" in the subject of the message.
>
------------------------------------------------------------------------
To unsubscribe email security-discuss-request@linuxsecurity.com
with "unsubscribe" in the subject of the message.
