[CentOS] spam control (by the way)

Mon Oct 30 03:54:23 UTC 2006
Gavin Carr <gavin at openfusion.com.au>

On Sun, Oct 29, 2006 at 10:42:06PM -0500, Mark Weaver wrote:
> Mark Weaver wrote:
> >Bill Church wrote:
> >>If you have the luxury of blocking IPs based on countries or regions,
> >>that helps as well but not everyone can do this.
> >>
> >>-Bill
> >
> >That in a nutshell of but one layer of a multi-layer approach that I've 
> >been using for the past two years. At present I may get a grand total of 
> >2 SPAMs per week; sometimes less than that, but that's the average.
> >
> >layer #1: RBLs configured in the MTA - Sendmail
> >layer #2: SpamAssassin (score set to 3 and known or trusted addresses
> >          white-listed
> >layer #3: iptables rules and a technique known as geo-blocking.
> >
> >The third layer, iptables and geo-blocking REALLY make a huge 
> >difference. It's taken about a year and some digging, but I've got a 
> >very good foundation ruleset that works extremely well. And personally I 
> >don't consider blocking on countries or regions is a luxury, but rather 
> >a necessity. Anyone can do it and should of they're running a mail 
> >server that is accepting direct SMTP connections.
> >
> >Since my mail server is already behind a router the rule set is very 
> >simple, but extremely effective and very portable.
> >
> 
> Thought I'd send this along as well. It's a small perl script that will 
> make batch processing spammers IP addresses a little easier and faster. 
> It isn't pretty or much past beta, but it gets the job done.
> 
> The script does a whois lookup on the IP address, grabs the IP range and 
> writes a rule which gets put into the "chains" file. Once it's processed 
> all the addresses it writes out the file afresh. At that point just run 
> the chains file from where ever you've placed it. (at the moment is has 
> trouble processing whois information when arin redirects to some of 
> suib-whois server. And you have to watch when it does a whois lookup on 
> a LACNIC address because they display their IP range information much 
> differently than APNIC or RIPE so, some hand editing after the batch 
> processing may need done. YMMV) Like I said... it's still beta.

There are also a bunch of CPAN perl modules that can be used for this
e.g. Geo::IP, Geo::IP2Location, Geo::IPfree, etc.

Cheers,
Gavin


--
Gavin Carr
Open Fusion - Open Source Business Solutions [ Linux - Perl - Apache ]
http://www.openfusion.com.au
- Fashion is a variable, but style is a constant - Programming Perl