[CentOS] spam control

Mon Oct 30 16:20:21 UTC 2006
Mark Weaver <mdw1982 at mdw1982.com>

On Mon, October 30, 2006 8:27 am, Bill Church wrote:
> Mark Weaver wrote:
>> Bill Church wrote:
>> > If you have the luxury of blocking IPs based on countries or regions,
>> > that helps as well but not everyone can do this.
>> >
>> > -Bill
>>
>> ... And personally I don't consider blocking on countries or regions
>> is a luxury, but rather a necessity. Anyone can do it and should if
>> they're running a mail server that is accepting direct SMTP
>> connections.
>
> I mean a luxury as in if you are so fortunate to only receive mail from a
> few regions or so. We have a fairly large customer who is an electronics
> manufacturer, their suppliers and customers are all over the globe,
> unfortunately we can't use this strategy for them.
>
> We have a few financial customers, however, where their customers are only
> in the US. They block access to all of their resources geographically,
> this seems to work very well for them for spam and attacks.
>
> Very nice work Mark. How do your logs look with all of those log
> statements?
>
> -Bill

Thanks!

The logs reflect the chatty nature of the rules, but all in all definitely
not unmanageable.

As far as being able to receive messages from part of the globe of an
already blocked area, if I remember correctly I've been known to fine tune
this a bit to allow certain IPs in while blocking the rest of the
netblock from an offending area. Australia springs to mind since when I
first started compiling data for this most of the SPAM was originating
from the Asia Pacific network. Since then, in the last 6 months, traffic
has shifted from there to the RIPE Network.

Unless I'm mistaken, if one sets a rule to block an IP range
216.0.0.0-215.255.255.255 we're effectively blocking a very large
netblock. However, if there's a smaller segment within that netblock that
you want to allow, placing another rule directly after that should allow
that secondary traffic in. Puts me in mind of setting the INPUT chain's
default policy to DROP and then placing a rule to allow certain
connections from certain sources to be Accepted.

-- 
Mark

If you've found a wise man then you've found a man that was at one time an
idiot and lived long enough to learn from his mistakes.
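
An added example, not part of the original post: a small Python model of how an iptables chain is traversed (rules are checked top to bottom and the first matching ACCEPT or DROP rule ends traversal), applied to the case discussed above of a blocked netblock with a smaller allowed segment inside it. The addresses are constructed from documentation ranges, and `verdict` and `shadowed_rules` are hypothetical helper names.

```python
import ipaddress

# A rule is (source network, target). The chain is an ordered list of rules.
BLOCK = ("203.0.113.0/24", "DROP")      # constructed: the blocked netblock
ALLOW = ("203.0.113.64/28", "ACCEPT")   # constructed: segment to let through

EXCEPTION_AFTER = [BLOCK, ALLOW]   # allow rule appended after the block
EXCEPTION_FIRST = [ALLOW, BLOCK]   # allow rule inserted ahead of the block


def verdict(chain, src, policy="ACCEPT"):
    """Return (target, rule position) for a source address.

    The first rule whose network contains the address decides; if no rule
    matches, the chain's default policy applies and the position is None.
    """
    addr = ipaddress.ip_address(src)
    for position, (network, target) in enumerate(chain, start=1):
        if addr in ipaddress.ip_network(network):
            return target, position
    return policy, None


def shadowed_rules(chain):
    """Return positions of rules that can never match because an earlier
    rule already covers their entire source range."""
    shadowed = []
    for i, (network, _target) in enumerate(chain):
        net = ipaddress.ip_network(network)
        for earlier, _ in chain[:i]:
            if net.subnet_of(ipaddress.ip_network(earlier)):
                shadowed.append(i + 1)
                break
    return shadowed


if __name__ == "__main__":
    partner = "203.0.113.70"   # constructed host inside the allowed /28
    for name, chain in (("exception after block", EXCEPTION_AFTER),
                        ("exception before block", EXCEPTION_FIRST)):
        print(name, verdict(chain, partner), "shadowed:", shadowed_rules(chain))
```

Running the same check over a real ruleset's source networks before loading it flags exceptions that a broader rule earlier in the chain has made unreachable.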