Scott,
Here are my thoughts..
> My question is... Is/Has anyone else tried this approach If so is
> impact on the amount of mail your server had to process?
Yes, I have taken this approach for the absolute worst offenders.
Mostly the most abusive senders. This however has very limited impact
over the longer term as the IP space will shift to others etc.
IMO - I just add them into a Declude ipfile with an excessive weight and
am done with it. It's (for me) less of an administrative burden than
modifying firewall rules or ACLs.
In regards to efficiency, it's always more efficient to block at the IP
layer (looking at the packet's src IP) than at the application layer
(processing the message).
Darrell
----------------------------------
Check out http://www.invariantsystems.com for utilities for Declude,
Imail, mxGuard, and ORF. IMail/Declude Overflow Queue Monitoring,
SURBL/URI integration, MRTG Integration, and Log Parsers.
Scott Fosseen wrote:
This is not directly a Declude question, but yet still does apply. I am
getting a "Top Rate Controlled by IP" report from my Barracuda box that is
acting as a pre-filter to my Declude server. What I am noticing in the
reports is that the top 20 IP addresses are in 8-10 /24 IP blocks. I have
started a firewall rule in my upstream firewall and have started adding IP
address ranges to drop packets. Each IP address so far typically tries to
send between 5k-15k messages a day. Each IP block makes up about 30k-80k
messages. My thought is by blocking the worst offenders at the firewall I
should be able to reduce the load on my SPAM equipment.
My question is... Is/Has anyone else tried this approach? If so, is there an
impact on the amount of mail your server had to process?
The second part of the question would have to deal with the overhead to
process a message via RBL. Would the firewall approach to blocking IP
addresses of known bulk spammers, or is Declude going to be just as
efficient with testing via RBL?
Thanks
_____________________________________________________________________
Scott Fosseen - Systems Engineer - Prairie Lakes AEA -
http://www.aea8.k12.ia.us/tech
_____________________________________________________________________
Tech support: Type "A:" at the prompt.
Customer: How do you spell that?
- actual call to computer tech support
_____________________________________________________________________
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
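
Added example, not part of the original thread or of any Barracuda or Declude tooling: a small Python script that rolls per-IP message counts up into /24 blocks and lists the blocks worth considering for a firewall drop rule, as discussed above. The report format (one "IP count" pair per line), the sample addresses (documentation ranges) and the thresholds are assumptions; the 30,000 messages/day cutoff is taken from the low end of the per-block volume mentioned in the question.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data: "source-IP messages-per-day", one pair per line.
# Addresses come from the RFC 5737 documentation ranges.
SAMPLE_REPORT = """\
192.0.2.10 14200
192.0.2.11 9800
192.0.2.57 12100
198.51.100.4 15000
198.51.100.9 5200
203.0.113.77 6100
not-an-ip 500
"""

def parse_report(text):
    """Yield (IPv4Address, count) pairs, skipping blank or malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue
        try:
            yield ipaddress.IPv4Address(parts[0]), int(parts[1])
        except ValueError:
            continue  # bad address or non-numeric count

def rank_blocks(text, prefix=24):
    """Return (network, total messages, distinct hosts), busiest block first."""
    msgs = defaultdict(int)
    hosts = defaultdict(set)
    for ip, count in parse_report(text):
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        msgs[net] += count
        hosts[net].add(ip)
    rows = [(net, msgs[net], len(hosts[net])) for net in msgs]
    return sorted(rows, key=lambda r: r[1], reverse=True)

def block_candidates(text, min_messages=30000, min_hosts=2):
    """Blocks that are high-volume AND show several senders, so a single
    noisy host does not get its whole /24 dropped at the firewall."""
    return [str(net) for net, total, n in rank_blocks(text)
            if total >= min_messages and n >= min_hosts]

if __name__ == "__main__":
    for net, total, n in rank_blocks(SAMPLE_REPORT):
        print(f"{net}  {total} msgs/day  {n} hosts")
    print("firewall candidates:", block_candidates(SAMPLE_REPORT))
```

Blocks that fall below the thresholds can stay on application-layer weighting, so only a short list of ranges needs to be maintained as firewall rules.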