[CentOS] spam control

Mon Oct 30 03:27:49 UTC 2006
Mark Weaver <mdw1982 at mdw1982.com>

Bill Church wrote:
> If you have the luxury of blocking IPs based on countries or regions,
> that helps as well but not everyone can do this.
> 
> -Bill

That in a nutshell of but one layer of a multi-layer approach that I've 
been using for the past two years. At present I may get a grand total of 
2 SPAMs per week; sometimes less than that, but that's the average.

layer #1: RBLs configured in the MTA - Sendmail
layer #2: SpamAssassin (score set to 3 and known or trusted addresses
           white-listed
layer #3: iptables rules and a technique known as geo-blocking.

The third layer, iptables and geo-blocking REALLY make a huge 
difference. It's taken about a year and some digging, but I've got a 
very good foundation ruleset that works extremely well. And personally I 
don't consider blocking on countries or regions is a luxury, but rather 
a necessity. Anyone can do it and should of they're running a mail 
server that is accepting direct SMTP connections.

Since my mail server is already behind a router the rule set is very 
simple, but extremely effective and very portable.

*see attached bash script.

-- 
Mark

"If you have found a very wise man, then you've found
a man that at one time was an idiot and lived long enough
to learn from his own stupidity."
==============================================
Powered by CentOS4 (RHEL4)
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: chains
URL: <http://lists.centos.org/pipermail/centos/attachments/20061029/6858a131/attachment-0005.ksh>