On Sat, 1 Mar 2003 22:09:04 -0500 (EST) "Scott St. John" <[EMAIL PROTECTED]> wrote:
> Until I can migrate my clients over to Postfix I have been using the
> access lists in Sendmail to block certain repeat spammers. I am
> wondering if I could just use iptables to block them and take the load
> off Sendmail?
>
> My question would be
> 1)Is that practical

Sometimes... it depends on the spam... some jerks use IP address spoofing which makes it impossible to block with iptables... however, I'm using a new tactic to combat the likes of cyberproxy.com... I look up the registered owner of the domain and set a sylpheed filter to auto-forward the postfix reject notices to the registered owner/technical contact... so far, with some success... even had cyberproxy people e-mail me and try to claim innocence with some gibberish about knowing where the spoofed addresses were really coming from... not them... so why have they subsided so much...? :)

> 2)Is the proper way to block an entire network this:

Blocking addresses over time will be the least of your concerns; re-blocking a long list of bad actors will test your patience... in case it helps, I have a simple (not very fancy but it works for me) script to do this (http://pfortin.com/Linux/drop) -- I used to block a lot of addresses (http://pfortin.com/Linux/iptablesDROPHIST); but I get daily reports on which addresses are hitting and the worst are just a few:

Chain INPUT (policy ACCEPT 28M packets, 6119M bytes)
 pkts bytes target  prot opt in  out  source          destination
    6   288 DROP    tcp  --  *   *    210.0.0.0/8     0.0.0.0/0    tcp dpt:25
  122  5788 DROP    tcp  --  *   *    64.53.0.0/16    0.0.0.0/0    tcp dpt:80
   60  2880 DROP    tcp  --  *   *    66.54.199.170   0.0.0.0/0    tcp dpt:25
  117  5616 DROP    all  --  *   *    211.154.65.253  0.0.0.0/0

Since I've been blocking spam for so long, the counts are much lower than they used to be... Using this info, I comment out many of the addresses in the history file and reload iptables with the same script -- no sense adding performance problems by trying to block most of the 'net...

In addition to blocking spammers, I block anyone who tries to use my website as a relay and everything from anyone that shows up in my CodeRed, Nimda, etc. traps. Not all of this is documented on my site; but some is... would have more time for this if I wasn't fighting 9.0 so much... :P

I use postfix to filter out most of the crap that iptables can't... (http://pfortin.com/Linux/PostFix/)

HTH,
Pierre
(I *HATE* SPAMMERS!!!)

> iptables -A INPUT -s 209.8.161.0/24 -j DROP
>
> I added this, however traffic from this network is still reaching my
> mail server. I want to block EVERYTHING from that network as they are
> sending porn mail to my clients.
>
> Thanks,
>
> -Scott
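
The pruning step described in the reply above (read the per-rule packet counters, then comment out history entries that no longer get hits), as an added example that is not part of the original message and is not the drop script it links to. The function names are hypothetical, the listing is constructed, and the history file is assumed to hold one address or CIDR per line.

```shell
#!/bin/sh
# Constructed listing in the layout of `iptables -L INPUT -v -n`;
# addresses are documentation ranges and the counters are made up.
sample_listing() {
cat <<'EOF'
Chain INPUT (policy ACCEPT 28M packets, 6119M bytes)
 pkts bytes target     prot opt in     out     source               destination
    6   288 DROP       tcp  --  *      *       192.0.2.0/24         0.0.0.0/0            tcp dpt:25
  122  5788 DROP       tcp  --  *      *       198.51.100.0/24      0.0.0.0/0            tcp dpt:80
    0     0 DROP       all  --  *      *       203.0.113.9          0.0.0.0/0
1200K   57M DROP       all  --  *      *       203.0.113.77         0.0.0.0/0
EOF
}

# stale_drops MIN: read a listing on stdin and print the source of every
# DROP rule whose packet counter is below MIN.
stale_drops() {
    awk -v min="$1" '
        # iptables abbreviates large counters (1200K, 57M) unless -x is given.
        function expand(n,   unit) {
            unit = substr(n, length(n))
            if (unit == "K") return n * 1000
            if (unit == "M") return n * 1000000
            if (unit == "G") return n * 1000000000
            return n + 0
        }
        $3 == "DROP" && expand($1) < min { print $8 }
    '
}

# comment_out_stale FILE MIN: read a listing on stdin and print FILE
# (assumed format: one address or CIDR per line) with every stale entry
# prefixed by "#". The result goes to stdout; FILE is not modified.
comment_out_stale() {
    stale=$(stale_drops "$2")
    while IFS= read -r line; do
        if [ -n "$line" ] && printf '%s\n' "$stale" | grep -qxF -- "$line"; then
            printf '#%s\n' "$line"
        else
            printf '%s\n' "$line"
        fi
    done < "$1"
}

# Rules with fewer than 10 packets in the constructed listing.
sample_listing | stale_drops 10
```

On a live host the listing would come from `iptables -L INPUT -v -n` in place of `sample_listing`, read over the same interval as the daily report so the counters are comparable.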
