On Wed, Feb 04, 2015 at 06:27:16PM +0200, Gil Bahat wrote:
> Also, if anyone knows of additional blocklists which can suit this usage
> (blocking users/registrations), I'd appreciate a tipoff (considering
> Spamhaus DROP/EDROP, too)

Yes, the DROP/EDROP lists are very helpful. I drop all packets to/from
them in every firewall that I operate. (The "to" is just as important.
It's not uncommon for spam to make it through that contains URLs whose
domains resolve to DROP-listed IP space. You don't want anyone or
anything inside your operation sending packets there.)

I'd also block everything originating from Amazon's cloud: all kinds
of abuse (e.g., spam, SSH brute-force attacks, etc.) come from that
cloud and Amazon has repeatedly shown that it has absolutely no interest
in lifting a finger to stop it.

I would also strongly consider blocking, or at least filtering, all
traffic from China or Korea. Over the decade-plus that I've been using
lists of their network allocations, they've accounted for a very high
percentage of total abuse and attacks. I've steadily tightened up
my rulesets -- to the point where on my own servers, I drop all packets
from them same as DROP/EDROP. The best resource for that is here:
http://okean.com/asianspamblocks.html
They're updated often: I recommend a cron job to fetch them once a week
or so or perhaps even daily.
---rsk
_______________________________________________
mailop mailing list
http://chilli.nosignal.org/mailman/listinfo/mailop
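
An added example, not part of the original post: one way the periodic refresh described above could turn a downloaded DROP-style list into a firewall ruleset that drops packets both from and to the listed networks. It assumes nftables as the firewall; the table, set and chain names, the `MIN_PREFIX` sanity limit and the sample data are all constructed for illustration.

```python
import ipaddress

# Constructed sample in the "CIDR ; reference" layout of the DROP text files,
# using documentation ranges. The last three entries are deliberately bad.
SAMPLE = """\
; constructed sample, not real list data
192.0.2.0/24 ; SBL-EXAMPLE-1
198.51.100.0/25 ; SBL-EXAMPLE-2
198.51.100.128/25 ; SBL-EXAMPLE-3
0.0.0.0/0 ; SBL-EXAMPLE-4
203.0.113.7/24 ; SBL-EXAMPLE-5
not-a-network
"""
MIN_PREFIX = 8  # assumption: anything wider than a /8 is a corrupt entry

def parse_blocklist(text):
    """Return (collapsed IPv4 networks, rejected raw lines)."""
    nets, rejected = [], []
    for raw in text.splitlines():
        entry = raw.split(";", 1)[0].strip()  # drop comments and references
        if not entry:
            continue
        try:
            net = ipaddress.ip_network(entry)  # strict: host bits must be zero
        except ValueError:
            rejected.append(raw)
            continue
        if net.version != 4 or net.prefixlen < MIN_PREFIX:
            rejected.append(raw)
        else:
            nets.append(net)
    return list(ipaddress.collapse_addresses(nets)), rejected

def render_nft(nets, table="blocklist"):
    """Build an nft file dropping packets from AND to the listed networks."""
    if not nets:  # failed or empty download: keep whatever is already loaded
        raise ValueError("empty blocklist, refusing to replace ruleset")
    out = [f"table inet {table}", f"delete table inet {table}",
           f"table inet {table} {{", "  set drop4 {",
           "    type ipv4_addr", "    flags interval",
           "    elements = { " + ", ".join(map(str, nets)) + " }", "  }"]
    rules = {"input": ["saddr"], "forward": ["saddr", "daddr"], "output": ["daddr"]}
    for hook, fields in rules.items():
        out += [f"  chain bl_{hook} {{",
                f"    type filter hook {hook} priority -10; policy accept;"]
        out += [f"    ip {field} @drop4 counter drop" for field in fields]
        out.append("  }")
    return "\n".join(out) + "\n"
```

Writing the output of `render_nft` to a file and loading it with `nft -f` replaces the whole table in one transaction, so a rejected or empty download never leaves the firewall without the previous list.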