Surely you are joking? So the first time that an AOL user sends you a single spam email you want to stop receiving email from ALL AOL users? Talk about swatting a fly with a flamethrower. Or do you want to block it based upon the sender's original IP address from the message headers? You know that spammers usually forge those? You're just going to end up blocking the large legitimate email providers and not stop the army of spam zombies that are out there. You would be better off implementing something like a DNSBL or DHUL list on your firewall. We (a med/large ISP) block any email from dynamic IP addresses; this greatly cuts down on the spam zombie traffic.
Also remember that with IP tables, the longer your table is, the more "hops" the packets must pass through before hitting your -j ACCEPT rule. If you implement it as you suggested below, your IP Table will grow and grow and grow, and your network performance and latency will get worse and worse and worse.

Brandon

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Raj
Sent: Wednesday, August 22, 2007 12:09 PM
To: [email protected]
Subject: [dspam-users] blocking ips of spam source in firewall

Hi

I want to block the IPs of spam sources immediately, as soon as dspam detects them as spam.

dspam does log these IPs correctly into my /var/log/maillog file, so I know that things are working correctly.

On the linux console I use the following command to block an IP address:

/sbin/iptables -I INPUT -s 111.111.111.111 -j DROP

This code snippet below is from the dspam source, i.e. dspam.c file in the src directory. The variable called "ip" contains the IP address which is logged to the maillog file.

I understand that just a single line is required after the last line to execute the command, but I am not sure of the C syntax.

Can someone help me?

###########
int tracksource(DSPAM_CTX *CTX) {
  char ip[32];

  if (!dspam_getsource (CTX, ip, sizeof (ip)))
  {
    if (CTX->totals.innocent_learned + CTX->totals.innocent_classified > 2500) {
      if (CTX->result == DSR_ISSPAM &&
          _ds_match_attribute(agent_config, "TrackSources", "spam")) {
        FILE *file;
        char dropfile[MAX_FILENAME_LENGTH];
        LOG (LOG_INFO, "spam detected from %s", ip);
###########

thanks
raj
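
Added example (not from this thread or from the dspam source): one way to run the iptables command quoted above from C without going through a shell. Because the address is taken from message headers, which the reply notes are often forged, it is checked with inet_pton() before use; the function names source_ip_is_blockable and block_source_ip are hypothetical, and the reply's objections to per-address rules still apply.

```c
#include <arpa/inet.h>
#include <stddef.h>
#include <stdint.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Returns 1 only if ip is a strict dotted-quad IPv4 address that is not
 * unspecified, loopback, private (RFC 1918) or link-local; 0 otherwise.
 * inet_pton() rejects trailing characters, so shell metacharacters
 * copied out of a forged header never pass. */
int source_ip_is_blockable(const char *ip)
{
    struct in_addr a;
    uint32_t h;

    if (ip == NULL || inet_pton(AF_INET, ip, &a) != 1)
        return 0;
    h = ntohl(a.s_addr);
    if ((h >> 24) == 0 || (h >> 24) == 127 || (h >> 24) == 10)
        return 0;                              /* 0/8, 127/8, 10/8 */
    if ((h >> 20) == 0xAC1 || (h >> 16) == 0xC0A8 || (h >> 16) == 0xA9FE)
        return 0;              /* 172.16/12, 192.168/16, 169.254/16 */
    return 1;
}

/* Inserts a DROP rule for ip. The address is passed as a single argv
 * element, never pasted into a command string, so no shell parses it.
 * Returns 0 on success, -1 if the address is refused or iptables fails. */
int block_source_ip(const char *ip)
{
    pid_t pid;
    int status;

    if (!source_ip_is_blockable(ip))
        return -1;
    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execl("/sbin/iptables", "iptables", "-I", "INPUT",
              "-s", ip, "-j", "DROP", (char *)NULL);
        _exit(127);                            /* exec itself failed */
    }
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : -1;
}
```

Refusing loopback and private ranges keeps a forged header from making the filter drop the mail server's own or internal traffic.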
