[CentOS] spam control (by the way)
Mark Weaver
mdw1982 at mdw1982.com
Mon Oct 30 03:42:06 UTC 2006
Mark Weaver wrote:
> Bill Church wrote:
>> If you have the luxury of blocking IPs based on countries or regions,
>> that helps as well but not everyone can do this.
>>
>> -Bill
>
> That in a nutshell of but one layer of a multi-layer approach that I've
> been using for the past two years. At present I may get a grand total of
> 2 SPAMs per week; sometimes less than that, but that's the average.
>
> layer #1: RBLs configured in the MTA - Sendmail
> layer #2: SpamAssassin (score set to 3 and known or trusted addresses
> white-listed
> layer #3: iptables rules and a technique known as geo-blocking.
>
> The third layer, iptables and geo-blocking REALLY make a huge
> difference. It's taken about a year and some digging, but I've got a
> very good foundation ruleset that works extremely well. And personally I
> don't consider blocking on countries or regions is a luxury, but rather
> a necessity. Anyone can do it and should of they're running a mail
> server that is accepting direct SMTP connections.
>
> Since my mail server is already behind a router the rule set is very
> simple, but extremely effective and very portable.
>
Thought I'd send this along as well. It's a small perl script that will
make batch processing spammers IP addresses a little easier and faster.
It isn't pretty or much past beta, but it gets the job done.
The script does a whois lookup on the IP address, grabs the IP range and
writes a rule which gets put into the "chains" file. Once it's processed
all the addresses it writes out the file afresh. At that point just run
the chains file from where ever you've placed it. (at the moment is has
trouble processing whois information when arin redirects to some of
suib-whois server. And you have to watch when it does a whois lookup on
a LACNIC address because they display their IP range information much
differently than APNIC or RIPE so, some hand editing after the batch
processing may need done. YMMV) Like I said... it's still beta.
to use the script simply place the spam IP addresses harvested from the
spam email headers into a simple text file, one address per line. (edit
the script and replace the current file name storing the IP addresses
with what ever you've called your IP address file) Then run the script
like so:
perl proc_ip_list.pl [ENTER]
You'll see a listing of rules being printed out on the console screen,
or a message letting you know that the address or address range already
exists in the "chains" file. Once the program completes upload or copy
the fresh copy of chains to it's place and run "chains" from the command
line. ( I keep mine in the /bin directory )
EX: /bin/chains [ENTER]
It will flush Iptables and set the new rules in place.
--
Mark
"If you have found a very wise man, then you've found
a man that at one time was an idiot and lived long enough
to learn from his own stupidity."
==============================================
Powered by CentOS4 (RHEL4)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: proc_ip_list.pl
Type: application/x-perl
Size: 2663 bytes
Desc: not available
URL: <http://lists.centos.org/pipermail/centos/attachments/20061029/97ea4817/attachment.pl>
More information about the CentOS
mailing list