[CentOS] spam control (by the way)

Mark Weaver mdw1982 at mdw1982.com
Mon Oct 30 12:09:32 UTC 2006


Gavin Carr wrote:
> On Sun, Oct 29, 2006 at 10:42:06PM -0500, Mark Weaver wrote:
>> Mark Weaver wrote:
>>> Bill Church wrote:
>>>> If you have the luxury of blocking IPs based on countries or regions,
>>>> that helps as well but not everyone can do this.
>>>>
>>>> -Bill
>>> That in a nutshell is but one layer of a multi-layer approach that I've 
>>> been using for the past two years. At present I may get a grand total of 
>>> 2 SPAMs per week; sometimes less than that, but that's the average.
>>>
>>> layer #1: RBLs configured in the MTA - Sendmail
>>> layer #2: SpamAssassin (score set to 3 and known or trusted addresses
>>>          white-listed)
>>> layer #3: iptables rules and a technique known as geo-blocking.
>>>
>>> The third layer, iptables and geo-blocking REALLY make a huge 
>>> difference. It's taken about a year and some digging, but I've got a 
>>> very good foundation ruleset that works extremely well. And personally I 
>>> don't consider blocking on countries or regions to be a luxury, but rather 
>>> a necessity. Anyone can do it and should if they're running a mail 
>>> server that is accepting direct SMTP connections.
>>>
>>> Since my mail server is already behind a router the rule set is very 
>>> simple, but extremely effective and very portable.
>>>
>> Thought I'd send this along as well. It's a small perl script that will 
>> make batch processing spammers' IP addresses a little easier and faster. 
>> It isn't pretty or much past beta, but it gets the job done.
>>
>> The script does a whois lookup on the IP address, grabs the IP range and 
>> writes a rule which gets put into the "chains" file. Once it's processed 
>> all the addresses it writes out the file afresh. At that point just run 
>> the chains file from wherever you've placed it. (at the moment it has 
>> trouble processing whois information when ARIN redirects to some 
>> sub-whois server. And you have to watch when it does a whois lookup on 
>> a LACNIC address because they display their IP range information much 
>> differently than APNIC or RIPE, so some hand editing after the batch 
>> processing may need to be done. YMMV) Like I said... it's still beta.
> 
> There are also a bunch of CPAN perl modules that can be used for this
> e.g. Geo::IP, Geo::IP2Location, Geo::IPfree, etc.
> 
> Cheers,
> Gavin
> 
> 
> --
> Gavin Carr

Hi Gavin,

Those are pretty cool... thanks for the heads up; I was unaware of them, 
but they appear to be specifically for gathering geographical data which 
a webmaster would use and have nothing to do with geo-blocking of spam.

-- 
Mark

"If you have found a very wise man, then you've found
a man that at one time was an idiot and lived long enough
to learn from his own stupidity."
==============================================
Powered by CentOS4 (RHEL4)
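
The whois-to-rule step described in the thread, as an added example that is not part of the original messages and is not Mark's script: it turns a whois reply into CIDR blocks and refuses to write a rule for a referral reply, the case the thread says needs hand editing. The sample replies are constructed from documentation address ranges; the abbreviated LACNIC-style `inetnum` form, the port 25 rule layout and the function names are assumptions.

```python
import ipaddress
import re

# Constructed sample whois replies (documentation ranges, not real lookups).
RIPE_STYLE = "inetnum:        198.51.100.0 - 198.51.100.255\nnetname:        EXAMPLE-NET\n"
ARIN_STYLE = "NetRange:       203.0.113.0 - 203.0.113.127\nCIDR:           203.0.113.0/25\n"
LACNIC_STYLE = "inetnum:     192.0.2/24\nstatus:      allocated\n"  # assumed format
ARIN_REFERRAL = "NetRange:       198.18.0.0 - 198.19.255.255\nReferralServer: whois://whois.example.net\n"

RANGE_RE = re.compile(r"^(?:inetnum|NetRange):[ \t]*(\S+)[ \t]*-[ \t]*(\S+)[ \t]*$", re.M | re.I)
CIDR_RE = re.compile(r"^inetnum:[ \t]*([\d.]+)/(\d{1,2})[ \t]*$", re.M | re.I)


def whois_to_networks(text):
    """Return the CIDR blocks covering the range in a whois reply.

    Raises ValueError when the reply is a referral or has no usable range,
    so the caller can queue the address for manual review instead of
    writing a wrong rule.
    """
    if re.search(r"^ReferralServer:", text, re.M | re.I):
        raise ValueError("referral to another whois server; look it up there")
    m = RANGE_RE.search(text)
    if m:
        first, last = (ipaddress.IPv4Address(x) for x in m.groups())
        return list(ipaddress.summarize_address_range(first, last))
    m = CIDR_RE.search(text)
    if m:
        octets = m.group(1).split(".")
        octets += ["0"] * (4 - len(octets))  # pad omitted trailing octets
        return [ipaddress.IPv4Network(".".join(octets) + "/" + m.group(2))]
    raise ValueError("no inetnum/NetRange line found")


def drop_rules(networks):
    """Format one iptables rule per block (the rule layout is an assumption)."""
    return [f"iptables -A INPUT -s {net} -p tcp --dport 25 -j DROP" for net in networks]


if __name__ == "__main__":
    for reply in (RIPE_STYLE, ARIN_STYLE, LACNIC_STYLE, ARIN_REFERRAL):
        try:
            print("\n".join(drop_rules(whois_to_networks(reply))))
        except ValueError as err:
            print(f"# needs hand editing: {err}")
```

A start-end range that does not fall on a single prefix boundary comes back as several blocks, one rule each.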


