tlhackque via Mailman-Users writes: > I'm not sure what you are looking for.
I'm looking for anything that will help block swaths of Chinese spammers and possibly attacks, while allowing me to do a better job of serving students vacationing at home in China than treating them the way the Chinese government does. A unicorn, or failing that, a pony. > There are a number of geolocating services that attempt to turn IP > addresses into specific locations; for example maxmind offers a series > of databases of increasing precision for increasing prices (starting > with free). I'll try their free offering. Thank you! > But the problem is that unless you know exactly where your users (and > potential users) are located, this won't help. Do you have a list of > cities? Streets? I can frequently get down to the street level for valid users, yes, at least after first contact. > What you probably want is to identify the specific bad actors; No, I want to identify good actors and block the rest. The problem I've had in the past is that I can't depend on static IPs because I'm dealing with people using telephones, mostly. > As previously noted, fail2ban is one reactive means of dealing with > these - it reads log files and dynamically blocks IP addresses that > generate errors. It can be resource intensive, especially if you want a > reasonably fast reaction time. And specifying bad behavior is somewhat > of an art. I wouldn't call it art, but a few years ago I had a 1MB .procmailrc. :-) > One option is to provide a website for registering your users, then > allow them access via some convenient token. I'm not sure what you're suggesting. That's what is being attacked here. > Or provide a VPN (with just your web or email server as an > endpoint). I believe the Chinese have outlawed VPNs, I assume they allow TLS still, though, given the size of ecommerce there. > Or use X.509 client authentication - note that you can use this > with your mailserver. That's an interesting idea, but again my users will be mostly using phones, so I don't think this will work with mail very well, and I'm not sure how to set that up on a phone. > For this purpose, you want your own CA for X.509. Sure. > However, if you're trying to attract people who don't know if they > are interested, the cost of connecting with you would probably turn > many away. The prospect of graduate study outside of China seems to be a strong motivator so far. We'll see if it interests people in conforming to practices that increase my security. Interesting thoughts, anyway. Steve ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
