[Mimedefang] Blocking spam senders using IPTables?

Chris Myers chris at by-design.net
Tue Nov 2 09:25:46 EST 2004


----- Original Message ----- 
From: "Paul Murphy" <pmurphy at ionixpharma.com>
To: <mimedefang at lists.roaringpenguin.com>
Sent: Monday, November 01, 2004 10:26 AM
Subject: [Mimedefang] Blocking spam senders using IPTables?


> Given that real mail from these sites is unlikely, I'm tempted to implement a
> system of blocking all traffic from these IP addresses using the following
> scheme:
>
> A.  Add a date/time stamped record to a database with that IP address as the
> key, and a spam count of 1
> B.  If the number of records matching that IP is now 3 or more, modify the
> IPTables system to drop all traffic from that IP with an ICMP Host-Prohibited
> message
> C.  Run a daily expiry process which removes all records which are more than X
> days old (with X starting at 10 days) and which removes the IPTables entry if
> the new count is less than 3.

Watch out for mail services that forward e-mail to your users.  Think this:
A user has an MSN account that gets a lot of spam, and that user sets his MSN
account to forward to his local mailbox.  Blam!  You no longer receive _any_
email from MSN.
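
The scheme from the quoted message (steps A to C) together with the forwarder caveat from the reply, as an added example that is not part of either post. It assumes an exemption list of forwarding relays (`FORWARDERS`, a constructed documentation range), uses an in-memory SQLite table as the database, and returns the `iptables` commands as strings instead of running them; all function and table names are hypothetical.

```python
import ipaddress
import sqlite3

THRESHOLD = 3       # step B: block at 3 or more records
MAX_AGE_DAYS = 10   # step C: X, starting at 10 days
DAY = 86400
# Assumption: relays known to forward mail for local users (constructed range).
FORWARDERS = [ipaddress.ip_network("198.51.100.0/24")]

db = sqlite3.connect(":memory:")
db.execute("CREATE TABLE spam (ip TEXT, seen REAL)")
db.execute("CREATE TABLE blocked (ip TEXT PRIMARY KEY)")

def rule(action, ip):
    # -I inserts the rule, -D deletes the identical rule specification.
    return (f"iptables -{action} INPUT -s {ip} "
            "-j REJECT --reject-with icmp-host-prohibited")

def count(ip):
    return db.execute("SELECT COUNT(*) FROM spam WHERE ip=?", (ip,)).fetchone()[0]

def record_spam(ip, now):
    """Steps A and B. Returns the iptables command to run, or None."""
    addr = ipaddress.ip_address(ip)  # raises ValueError on malformed input
    db.execute("INSERT INTO spam VALUES (?, ?)", (ip, now))
    if any(addr in net for net in FORWARDERS):
        return None  # recorded for reporting, but a forwarder is never firewalled
    already = db.execute("SELECT 1 FROM blocked WHERE ip=?", (ip,)).fetchone()
    if count(ip) >= THRESHOLD and not already:
        db.execute("INSERT INTO blocked VALUES (?)", (ip,))
        return rule("I", ip)
    return None

def expire(now):
    """Step C. Drops old records and returns the iptables delete commands."""
    db.execute("DELETE FROM spam WHERE seen < ?", (now - MAX_AGE_DAYS * DAY,))
    cmds = []
    for (ip,) in db.execute("SELECT ip FROM blocked").fetchall():
        if count(ip) < THRESHOLD:
            db.execute("DELETE FROM blocked WHERE ip=?", (ip,))
            cmds.append(rule("D", ip))
    return cmds
```
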
