Gavin Carr wrote: > On Sun, Oct 29, 2006 at 10:42:06PM -0500, Mark Weaver wrote: >> Mark Weaver wrote: >>> Bill Church wrote: >>>> If you have the luxury of blocking IPs based on countries or regions, >>>> that helps as well but not everyone can do this. >>>> >>>> -Bill >>> That in a nutshell of but one layer of a multi-layer approach that I've >>> been using for the past two years. At present I may get a grand total of >>> 2 SPAMs per week; sometimes less than that, but that's the average. >>> >>> layer #1: RBLs configured in the MTA - Sendmail >>> layer #2: SpamAssassin (score set to 3 and known or trusted addresses >>> white-listed >>> layer #3: iptables rules and a technique known as geo-blocking. >>> >>> The third layer, iptables and geo-blocking REALLY make a huge >>> difference. It's taken about a year and some digging, but I've got a >>> very good foundation ruleset that works extremely well. And personally I >>> don't consider blocking on countries or regions is a luxury, but rather >>> a necessity. Anyone can do it and should of they're running a mail >>> server that is accepting direct SMTP connections. >>> >>> Since my mail server is already behind a router the rule set is very >>> simple, but extremely effective and very portable. >>> >> Thought I'd send this along as well. It's a small perl script that will >> make batch processing spammers IP addresses a little easier and faster. >> It isn't pretty or much past beta, but it gets the job done. >> >> The script does a whois lookup on the IP address, grabs the IP range and >> writes a rule which gets put into the "chains" file. Once it's processed >> all the addresses it writes out the file afresh. At that point just run >> the chains file from where ever you've placed it. (at the moment is has >> trouble processing whois information when arin redirects to some of >> suib-whois server. And you have to watch when it does a whois lookup on >> a LACNIC address because they display their IP range information much >> differently than APNIC or RIPE so, some hand editing after the batch >> processing may need done. YMMV) Like I said... it's still beta. > > There are also a bunch of CPAN perl modules that can be used for this > e.g. Geo::IP, Geo::IP2Location, Geo::IPfree, etc. > > Cheers, > Gavin > > > -- > Gavin Carr Hi Garvin, Those are pretty cool... thanks for the heads up I was unaware of them, but they appear to be specifically for gathering geographical data which web master would use and have nothing to do with geo-blocking of spam. -- Mark "If you have found a very wise man, then you've found a man that at one time was an idiot and lived long enough to learn from his own stupidity." ============================================== Powered by CentOS4 (RHEL4)