[Mimedefang] Blocking spam senders using IPTables?

James Ebright jebright at esisnet.com
Tue Nov 2 14:28:50 EST 2004


Seems to me this would be much better served implemented as a DNSRBL than an
iptables solution. By using your own DNSRBL, you would have a scalable,
RFC-compliant solution that still drops the connection well before the "data"
phase and before any mimedefang/SA processing, if you implement the DNSRBL
inside your mail server software itself.

As for how you decide who ends up on your DNSRBL (or IPTables) list, well, as
you say, that is your own policy. However, I would encourage you to implement
some way to track how items get added and a way for a remote third party that
may have been added to see if they are on your list, why they were added, and
a way to request removal/whitelisting.

Personally, nothing is added to our private "lists" here without a human
eyeball confirming it, and our systems have less than .01% false positive rate
and block/reject/bounce/quarantine several million messages a month.

Jim Ebright
ESISNET, LLC
www.esisnet.com

On Tue, 2 Nov 2004 14:49:22 -0000, Paul Murphy wrote
> Chris,
> 
> > Watch out for mail services that forward e-mail to your 
> > users.  Think this:
> > A user has an MSN account that gets a lot of spam, and 
> > that user sets his MSN account to forward to his local 
> > mailbox.  Blam!  You no longer receive _any_ email from MSN.
> 
> Accepted - that's why I'd only want to use this approach to target
> persistent and readily identifiable spammers.  By blocking using this
> technique, you'd be accepting that any matching system would effectively
> cease to exist as far as you are concerned.
> 
> The problem I'm trying to address is where your system is flooded by 
> messages from addresses which belong to spammers, and despite 
> greylisting and MD/SA scoring it as 20+ and sending a 500/571 
> permanent error, they keep trying at the same rate.  At the moment,
> it is an annoying background trickle, but I can see a tidal wave in
> the distance because for every site which does sensible blocking,
> there are 100 more who will accept the message, and so it is never
> worthwhile for them to edit their lists to remove the addresses which
> fail.  Some would argue that returning a permanent error for spam is
> incorrect, but that's my policy, it works for me, and it has the 
> support of the directors here.  If I can cut my bandwidth usage by 
> 5% and reduce the load on my MD/SA system by eradicating the garbage 
> from this one company, the effort will be worth it.
> 
> Best Wishes,
> 
> Paul.
> __________________________________________________
> Paul Murphy
> Head of Informatics
> Ionix Pharmaceuticals Ltd
> 418 Science Park, Cambridge, CB4 0PA
> 
> Tel. 01223 433741
> Fax. 01223 433788


--
EsisNet.com Webmail Client
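
Added example, not part of the original message and not code from MIMEDefang or either poster: a sketch of the private DNSRBL bookkeeping suggested above, where each listing records why and when it was added, only human-confirmed entries are published, and the TXT record tells a listed party the reason and where to request removal. The zone name, removal URL, field names and sample entries are assumptions; the query-name layout (reversed IPv4 octets or IPv6 nibbles under the zone) and the 127.0.0.2 answer follow the usual DNSBL convention.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

ZONE = "bl.example.org"                     # hypothetical private DNSBL zone
REMOVAL_URL = "https://example.org/delist"  # hypothetical removal-request page

@dataclass
class Listing:
    ip: str
    reason: str                  # why it was listed; published in the TXT record
    added_on: str                # when it was listed
    confirmed_by: Optional[str]  # human reviewer; None means not yet reviewed

def query_name(ip: str, zone: str = ZONE) -> str:
    """Name a mail server looks up: reversed IPv4 octets (or IPv6 nibbles) + zone."""
    rev = ipaddress.ip_address(ip).reverse_pointer
    for suffix in (".in-addr.arpa", ".ip6.arpa"):
        if rev.endswith(suffix):
            rev = rev[: -len(suffix)]
    return f"{rev}.{zone}"

def txt_value(entry: Listing) -> str:
    """Reason, date and removal link; truncated so a typical ASCII reason
    stays within the 255-byte limit of a single TXT string."""
    text = f"{entry.reason}; listed {entry.added_on}; removal: {REMOVAL_URL}?ip={entry.ip}"
    return text[:200].replace("\\", "\\\\").replace('"', '\\"')

def zone_records(entries, zone: str = ZONE):
    """Return (zone-file lines for confirmed listings, IPs held for human review)."""
    records, held = [], []
    for e in entries:
        if not e.confirmed_by:
            held.append(e.ip)    # never published without a reviewer's name
            continue
        name = query_name(e.ip, zone)
        records.append(f"{name}. IN A 127.0.0.2")
        records.append(f'{name}. IN TXT "{txt_value(e)}"')
    return records, held

# Constructed sample data (documentation address ranges, not real senders).
SAMPLE = [
    Listing("192.0.2.45", "kept retrying after 571 rejects", "2004-11-02", "postmaster"),
    Listing("198.51.100.7", "flagged by score only", "2004-11-02", None),
]

if __name__ == "__main__":
    records, held = zone_records(SAMPLE)
    print("\n".join(records))
    print("held for review:", held)
```

The generated lines are ordinary zone-file records, so they can be served by whatever DNS server hosts the private zone and queried by the mail server's own DNSBL support before the DATA phase.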