On Sun, Oct 29, 2006 at 10:42:06PM -0500, Mark Weaver wrote:
> Mark Weaver wrote:
> >Bill Church wrote:
> >>If you have the luxury of blocking IPs based on countries or regions,
> >>that helps as well but not everyone can do this.
> >>
> >>-Bill
> >
> >That in a nutshell is but one layer of a multi-layer approach that I've
> >been using for the past two years. At present I may get a grand total of
> >2 SPAMs per week; sometimes less than that, but that's the average.
> >
> >layer #1: RBLs configured in the MTA - Sendmail
> >layer #2: SpamAssassin (score set to 3 and known or trusted addresses
> >          white-listed)
> >layer #3: iptables rules and a technique known as geo-blocking.
> >
> >The third layer, iptables and geo-blocking REALLY make a huge
> >difference. It's taken about a year and some digging, but I've got a
> >very good foundation ruleset that works extremely well. And personally I
> >don't consider blocking on countries or regions is a luxury, but rather
> >a necessity. Anyone can do it and should if they're running a mail
> >server that is accepting direct SMTP connections.
> >
> >Since my mail server is already behind a router the rule set is very
> >simple, but extremely effective and very portable.
> >
>
> Thought I'd send this along as well. It's a small perl script that will
> make batch processing spammers' IP addresses a little easier and faster.
> It isn't pretty or much past beta, but it gets the job done.
>
> The script does a whois lookup on the IP address, grabs the IP range and
> writes a rule which gets put into the "chains" file. Once it's processed
> all the addresses it writes out the file afresh. At that point just run
> the chains file from wherever you've placed it. (at the moment it has
> trouble processing whois information when arin redirects to some of
> sub-whois server. And you have to watch when it does a whois lookup on
> a LACNIC address because they display their IP range information much
> differently than APNIC or RIPE so, some hand editing after the batch
> processing may need done. YMMV) Like I said... it's still beta.

There are also a bunch of CPAN perl modules that can be used for this
e.g. Geo::IP, Geo::IP2Location, Geo::IPfree, etc.

Cheers,
Gavin

--
Gavin Carr
Open Fusion - Open Source Business Solutions [ Linux - Perl - Apache ]
http://www.openfusion.com.au
- Fashion is a variable, but style is a constant
- Programming Perl
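
The whois-to-rule step described in the quoted message, as an added example (not the Perl script from the thread, and not code from either poster). It is written in Python, and it assumes the range appears as a start/end pair in RIPE, APNIC and ARIN output and as a possibly shortened CIDR prefix in LACNIC output; the sample records, the function names and the port-25 DROP rule form are constructed for illustration.

```python
import ipaddress
import re

# Constructed whois excerpts using documentation address space (not real lookups).
SAMPLES = {
    "ripe_apnic": "inetnum:        192.0.2.0 - 192.0.2.255\nnetname:        EXAMPLE-NET\n",
    "arin": "NetRange:       198.51.100.0 - 198.51.101.255\nOrgName:        Example Org\n",
    "lacnic": "inetnum:     203.0.113/24\nstatus:      allocated\n",
    "referral": "ReferralServer: whois://whois.example.net\n",  # no range in this reply
    "unaligned": "inetnum:        192.0.2.0 - 192.0.2.129\n",
}

# Start/end form: "inetnum: a.b.c.d - e.f.g.h" or "NetRange: a.b.c.d - e.f.g.h".
RANGE_RE = re.compile(
    r"^(?:inetnum|NetRange):[ \t]*([\d.]+)[ \t]*-[ \t]*([\d.]+)[ \t]*$", re.M | re.I)
# Prefix form assumed for LACNIC: "inetnum: a.b.c/len", trailing octets may be omitted.
CIDR_RE = re.compile(r"^inetnum:[ \t]*([\d.]+)/(\d{1,2})[ \t]*$", re.M | re.I)


def whois_to_networks(text):
    """Return the CIDR blocks covering the range in a whois reply, or [] if none parses."""
    try:
        m = RANGE_RE.search(text)
        if m:
            first, last = (ipaddress.IPv4Address(g) for g in m.groups())
            # A range that is not one aligned block becomes several CIDR blocks.
            return list(ipaddress.summarize_address_range(first, last))
        m = CIDR_RE.search(text)
        if m:
            octets = m.group(1).rstrip(".").split(".")
            octets += ["0"] * (4 - len(octets))  # pad "203.0.113" to "203.0.113.0"
            return [ipaddress.ip_network(".".join(octets) + "/" + m.group(2))]
    except ValueError:
        pass  # malformed address, reversed range, or host bits set: leave for hand review
    return []


def smtp_drop_rules(text, chain="INPUT"):
    """Build one rule line per block; the chain name and rule form are assumptions."""
    return [f"iptables -A {chain} -s {net} -p tcp --dport 25 -j DROP"
            for net in whois_to_networks(text)]


if __name__ == "__main__":
    for name, reply in SAMPLES.items():
        rules = smtp_drop_rules(reply)
        print(f"# {name}")
        print("\n".join(rules) if rules else "# no range parsed, review by hand")
```

A reply that yields no rules, such as the referral-only sample, is the case to look up by hand against the referred server rather than guess at.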