[Mimedefang] Blocking spam senders using IPTables?
Aleksandar Milivojevic
amilivojevic at pbl.ca
Wed Nov 3 10:31:35 EST 2004
Paul Murphy wrote:
> I'd also be interested in implementing a block based on address range check, so
> perhaps if more than 10 SPAM messages which scored over 10 were received from an
> address block, then the known or estimated range of SPAM senders in that block
> would be blacklisted using IPTables, with a daily review.
Probably not a good idea, since you don't know how big the remote network
block is. It might be something like /24, but it also might be something
like /29. If you blindly assume it is /24, you'll get the spammer
blocked (maybe, it just might be that one of your users had a .forward
file at a remote site, and you can't know that either), but you will also
penalize everybody else.

Plus, some mailing lists will happily forward spam from time to time,
one popular example is the Linux kernel mailing list... And there are some
criminally managed lists such as Bugtraq, that don't forward spam
(probably because it is moderated), but do some other stuff that might
trigger things here and there. So you might just as likely end up
blocking those, to the delight of your users.
--
Aleksandar Milivojevic <amilivojevic at pbl.ca> Pollard Banknote Limited
Systems Administrator 1499 Buffalo Place
Tel: (204) 474-2323 ext 276 Winnipeg, MB R3T 1L7
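
The trade-off discussed in this thread, as an added example that is not part of the original posts: the proposed rule (more than 10 messages scoring over 10 from one address block) is applied to a constructed mail log under different assumed block sizes, listing which non-spamming senders would be blocked along with the spammer. The addresses, scores and the function name are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample log: (source IP, spam score), documentation range 192.0.2.0/24.
EVENTS = (
    [(f"192.0.2.{9 + i % 6}", 15.0) for i in range(12)]  # spam from .9-.14
    + [("192.0.2.77", 1.2), ("192.0.2.77", 0.4)]         # legitimate forwarding host
    + [("192.0.2.200", 2.0)]                             # legitimate list server
)

def blocks_and_collateral(events, prefixlen, min_hits=10, min_score=10.0):
    """Apply the proposed rule under an assumed block size (hypothetical helper).

    Returns {network: senders inside it that never sent high-scoring mail}
    for every network with more than min_hits messages scoring over min_score.
    """
    hits = defaultdict(int)    # high-scoring messages per assumed network
    seen = defaultdict(set)    # every sender observed per assumed network
    spam_sources = set()       # addresses that sent at least one high-scoring message
    for ip, score in events:
        addr = ipaddress.ip_address(ip)
        net = ipaddress.ip_network(f"{ip}/{prefixlen}", strict=False)
        seen[net].add(addr)
        if score > min_score:
            hits[net] += 1
            spam_sources.add(addr)
    return {
        net: sorted(seen[net] - spam_sources)
        for net, count in hits.items() if count > min_hits
    }

if __name__ == "__main__":
    for plen in (24, 29, 32):
        result = blocks_and_collateral(EVENTS, plen)
        for net, bystanders in result.items():
            print(f"/{plen}: block {net} ({net.num_addresses} addresses), "
                  f"bystanders: {[str(a) for a in bystanders]}")
        if not result:
            print(f"/{plen}: nothing crosses the threshold")
```

On this sample the /24 assumption also blocks the forwarding host and the list server, the /29 assumption blocks only the spam sources, and per-address counting never reaches the threshold because the spam is spread over six addresses.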