[CentOS] spam control (by the way)
Gavin Carr
gavin at openfusion.com.au
Mon Oct 30 03:54:23 UTC 2006
On Sun, Oct 29, 2006 at 10:42:06PM -0500, Mark Weaver wrote:
> Mark Weaver wrote:
> >Bill Church wrote:
> >>If you have the luxury of blocking IPs based on countries or regions,
> >>that helps as well but not everyone can do this.
> >>
> >>-Bill
> >
> >That in a nutshell of but one layer of a multi-layer approach that I've
> >been using for the past two years. At present I may get a grand total of
> >2 SPAMs per week; sometimes less than that, but that's the average.
> >
> >layer #1: RBLs configured in the MTA - Sendmail
> >layer #2: SpamAssassin (score set to 3 and known or trusted addresses
> > white-listed
> >layer #3: iptables rules and a technique known as geo-blocking.
> >
> >The third layer, iptables and geo-blocking REALLY make a huge
> >difference. It's taken about a year and some digging, but I've got a
> >very good foundation ruleset that works extremely well. And personally I
> >don't consider blocking on countries or regions is a luxury, but rather
> >a necessity. Anyone can do it and should of they're running a mail
> >server that is accepting direct SMTP connections.
> >
> >Since my mail server is already behind a router the rule set is very
> >simple, but extremely effective and very portable.
> >
>
> Thought I'd send this along as well. It's a small perl script that will
> make batch processing spammers IP addresses a little easier and faster.
> It isn't pretty or much past beta, but it gets the job done.
>
> The script does a whois lookup on the IP address, grabs the IP range and
> writes a rule which gets put into the "chains" file. Once it's processed
> all the addresses it writes out the file afresh. At that point just run
> the chains file from where ever you've placed it. (at the moment is has
> trouble processing whois information when arin redirects to some of
> suib-whois server. And you have to watch when it does a whois lookup on
> a LACNIC address because they display their IP range information much
> differently than APNIC or RIPE so, some hand editing after the batch
> processing may need done. YMMV) Like I said... it's still beta.
There are also a bunch of CPAN perl modules that can be used for this
e.g. Geo::IP, Geo::IP2Location, Geo::IPfree, etc.
Cheers,
Gavin
--
Gavin Carr
Open Fusion - Open Source Business Solutions [ Linux - Perl - Apache ]
http://www.openfusion.com.au
- Fashion is a variable, but style is a constant - Programming Perl
More information about the CentOS
mailing list