On Sat, 2015-03-14 at 19:14 +0100, Jan Ingvoldstad wrote: > Usually, though, you _could_ block by ASN instead of /xx, as some VPS > and colo providers out there don't have a functional anti-spam policy.
I do more or less this manually using a utility I wrote which manages a file in /etc/courier/smtpaccess. A whois lookup of an address gives me the size of an assigned block and this goes into my spam block util, which assigns a "sentence" and an expire date, and the address is blocked using Courier's smtpaccess facility until its sentence has been served. If an address in the block re-offends, its sentence automatically gets bumped and its expire date pushed out into the future by this length of time. Interestingly, what I'm seeing is that the lion's share of spam on the Internet seems to come regularly from c.a. 200 systems or so. The database of regularly abusing address blocks takes time to build, but within 6 months or so it should have a pretty good record of those IPPs that tolerate or encourage spamming. My question concerns modifications I'm making to Gordon Messmer's ratelimit.py pythonfilter module which will automatically block everything from the most commonly abused adjacent address space when the receive rate from any address in the space exceeds the ratelimit threshold. For v4, this seems to be everything in a /24 address group although I'm sure some spam engines rotate through a larger or smaller one. For a v6 addresses Gordon tells me that the standard allocation is a /48 group, so I'll start with this. -- Lindsay Haisley | "UNIX is user-friendly, it just FMP Computer Services | chooses its friends." 512-259-1190 | -- Andreas Bogk http://www.fmp.com | ------------------------------------------------------------------------------ Dive into the World of Parallel Programming The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/ _______________________________________________ courier-users mailing list [email protected] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
