Bill Church wrote:
> If you have the luxury of blocking IPs based on countries or regions,
> that helps as well but not everyone can do this.
>
> -Bill
That in a nutshell of but one layer of a multi-layer approach that I've
been using for the past two years. At present I may get a grand total of
2 SPAMs per week; sometimes less than that, but that's the average.
layer #1: RBLs configured in the MTA - Sendmail
layer #2: SpamAssassin (score set to 3 and known or trusted addresses
white-listed
layer #3: iptables rules and a technique known as geo-blocking.
The third layer, iptables and geo-blocking REALLY make a huge
difference. It's taken about a year and some digging, but I've got a
very good foundation ruleset that works extremely well. And personally I
don't consider blocking on countries or regions is a luxury, but rather
a necessity. Anyone can do it and should of they're running a mail
server that is accepting direct SMTP connections.
Since my mail server is already behind a router the rule set is very
simple, but extremely effective and very portable.
*see attached bash script.
--
Mark
"If you have found a very wise man, then you've found
a man that at one time was an idiot and lived long enough
to learn from his own stupidity."
==============================================
Powered by CentOS4 (RHEL4)
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: chains
URL: <http://lists.centos.org/pipermail/centos/attachments/20061029/6858a131/attachment-0005.ksh>