[Mimedefang] 100K SA limit doesn't seem to be enough any more :(

Wed Mar 19 10:07:23 EDT 2008

On Wed, Mar 19, 2008 at 08:53:12AM -0400, Cormack, Ken wrote:
> Something we've used successfully here, is blocking based on geographic
> country of origin, of the IP address of the relay.  Using MaxMind's GeoIP

Yikes.

>   # These are the country codes to block
>   @codes = (AD, AE, AF, AG, AI, AL, AM, AN, AO, AR, AS, AT,
>             AW, AZ, BA, BB, BD, BF, BG, BH, BI, BJ, BN, BO,
>             BR, BS, BT, BW, BY, BZ, CC, CD, CF, CG, CH, CI,
>             CK, CL, CM, CN, CO, CR, CS, CU, CY, CZ, DJ, DK,
>             DM, DO, DZ, EC, EE, EG, EH, ER, ET, FI, FJ, FK,
>             FM, FO, GA, GD, GE, GF, GH, GI, GM, GN, GW, GP,
>             GQ, GR, GT, GU, GY, HK, HN, HR, HT, HU, ID, IL,
>             IN, IQ, IR, IS, JM, JO, JP, KE, KG, KH, KI, KM,
>             KN, KP, KR, KW, KY, KZ, LA, LB, LC, LI, LK, LR,
>             LS, LT, LU, LV, LY, MA, MC, MD, MG, MH, MK, ML,
>             MM, MN, MO, MP, MQ, MR, MS, MT, MV, MW, MY, MZ,
>             NA, NC, NE, NF, NG, NI, NL, NO, NP, NR, NU, NZ,
>             OM, PA, PE, PF, PG, PH, PK, PL, PM, PN, PS, PT,
>             PW, PY, QA, RO, RU, RW, SA, SB, SC, SD, SG, SH,
>             SI, SK, SL, SM, SN, SO, SR, ST, SV, SY, SZ, TC,
>             TD, TG, TH, TJ, TK, TL, TM, TN, TO, TR, TT, TV,
>             TW, TZ, UA, UG, UY, UZ, VA, VC, VE, VN, VU, WF,
>             WS, YE, YT, ZA, ZM, ZW);

Aren't you better off using a whitelist of countries that you do want
to receive mail from? That way you wont' start receiving mail from
crapmenichstan once it separates itself from dunceburg (or other
balkanization effort that are or might be under way).

By the way, you're not blocking the largest spam source in the world:
.us. Just a helpful hint.

What we use is RBL checks (zen.spamhaus.org is really recommended),
a HELO pattern check (gathered using statistics and common sense)
and spamassassin.

(Then again, if this mail wasn't sent through the mailing list, you
wouldn't even receive it, unless you have me whitelisted :)

-- 
Jan-Pieter Cornet <johnpc at xs4all.nl>
!! Disclamer: The addressee of this email is not the intended recipient. !!
!! This is only a test of the echelon and data retention systems. Please !!
!! archive this message indefinitely to allow verification of the logs.  !!