On Sat, 2003-03-15 at 07:14, Dave Laird wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Good morning, Joerg...
>
> On Saturday 15 March 2003 04:59 am, Joerg Mertin wrote:
>
> > Since I use spamassassin and I'm having my own blacklist (domains/IP's),
> > the spam attempts have gone down. But if you check
> > http://www.solsys.org/system.php under Mail/System attacks you'll see
> > that through the average (Note, you can click on the Index-image for
> > details) of 5 minutes display, it's quite a lot what is happening there.
>
> I know. As fast as we block one IP/netblock range, there are half a dozen
> more from the world trying to introduce themselves to us. <sigh>
>
> > My option is to check from time to time what were the worst times where
> > I had system attacks - then block the IP-Address Class-C ranges out
> > through a DROP-policy in ip-tables.
>
> Since neither myself nor anyone who logs onto any of my boxes has any use
> for mail from Korea or Japan, I use the "scattergun" approach, and simply
> drop all packets destined to port 25 from those locations. That seems to cut
> down the traffic a bit.
>
> > Anyone has another hint on how to have a proactive way of preventing
> > from spam? Or good links to Howto's for including one of the
> > distributed blacklists into the own mail-daemon?
>
> Add the following lines to your default sendmail.mc (that is, if you're
> using Sendmail's latest and greatest). Then run
> m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
> and thump Sendmail (or whatever you call your .mc file
> and wherever it may happen to be. 8-)
>
> FEATURE(`dnsbl', `blackholes.mail-abuse.org', `Rejected - see http://www.mail-abuse.org/rbl/')dnl
> FEATURE(`dnsbl', `relays.osirusoft.com', `Rejected -- see http://www.osirusoft.com')dnl
> FEATURE(`dnsbl', `dialups.mail-abuse.org', `Dialup - see http://www.mail-abuse.org/dul/')dnl
> FEATURE(`dnsbl', `relays.mail-abuse.org', `Open spam relay - see http://work-rss.mail-abuse.org/rss/')dnl
> FEATURE(`dnsbl', `relays.ordb.org', `"550 Email rejected due to mail relay - see "')dnl
>
> I'm actually somewhat impressed at the number of spam "hits" that are picked
> up and rejected by osirusoft on a daily basis, not to mention impressed with
> how quickly they put someone in the database when good proof is demonstrated
> that they are spamming any of my domains. If I send them headers, sendmail
> log entries and proof-of-spam (message) it usually takes less than 24 hours
> and they are rejected. That beats sending endless complaints to
> [EMAIL PROTECTED] and receiving meaningful promises that it will be handled.
>
> Dave

A couple of years ago now, when Nimda was the virus of the time, I found some code on Roaring Penguin that almost did what I wanted. It has a PHP page that you put in your document root; that page grabs the IP number of the offending server and puts it into a text file. Then it has a cron job that parses this text file and creates the needed rules in ipchains to block that server.

I modded this to do a better job of just adding new chains, then modded it again to do iptables. Haven't touched it in a while, but if anyone is interested let me know and I'll find it and send it.

James
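
A sketch of the cron step described in the message above, added here as an example; it is not James's script or the Roaring Penguin code. It assumes the hit file holds one IP per line, uses a hypothetical chain name `AUTOBLOCK` and hypothetical function names, and prints the iptables commands for review instead of running them.

```shell
#!/bin/sh
# Added example: print iptables DROP rules for IPs logged by a web trap page.
# Assumptions: one IP per line in the hit file; the chain name is hypothetical.
CHAIN="AUTOBLOCK"

# The hit file is written by the web server but consumed by a root cron job,
# so every line is validated before it gets near a command line.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*|????*) return 1 ;; esac   # no leading zeros, max 3 digits
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Loopback and RFC 1918 sources are never blocked, so a stray local hit
# cannot lock the administrator out.
never_block() {
    case "$1" in
        127.*|10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    esac
    return 1
}

# gen_rules HITFILE [BLOCKED]: one rule per valid, unique IP not listed in BLOCKED.
gen_rules() {
    sort -u "$1" | while IFS= read -r ip; do
        valid_ipv4 "$ip" || continue
        never_block "$ip" && continue
        [ -n "$2" ] && grep -qxF "$ip" "$2" && continue
        printf 'iptables -A %s -s %s -j DROP\n' "$CHAIN" "$ip"
    done
}

# Constructed sample hits: a duplicate, a private address and two malformed lines.
demo() {
    hits=$(mktemp)
    printf '%s\n' 203.0.113.7 198.51.100.23 203.0.113.7 192.168.1.10 \
        '203.0.113.9; echo injected' 999.1.1.1 > "$hits"
    gen_rules "$hits"
    rm -f "$hits"
}
demo
```

The optional second argument is a file of addresses that are already blocked, so repeated cron runs do not append duplicate rules.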
