On Wed, May 06, 2015 at 07:28:40PM +1200, Mark Foster wrote:
        [a number of excellent suggestions]

There are some other measures that -- depending on the nature of the
lists involved -- might help.

1. Use the Spamhaus Zen DNSBL in the MTA that's in front of Mailman.

2. Configure the MTA to defer traffic from hosts that don't have FCrDNS.
(If necessary for some mailing list members, whitelist their individual
addresses so that they can get past that.)

3a. Firewall or otherwise block particularly problematic spam sources,
e.g., China, Korea, Amazon's cloud, etc.  (Obviously this won't
work if you have subscribers trying to submit traffic from China.)
See http://www.okean.com/asianspamblocks.html

3b. Alternatively, if all the subscribers are from the same country,
firewall/block out the planet with a default rule and only allow mail
traffic from that country.  See http://ipdeny.com/

I use these (and other) measures combined with limited whitelisting
(of a subset of subscriber addresses) in order to stop as much spam
as possible before it gets to Mailman while still letting through
legitimate mailing list traffic.  It's not a perfect solution (that
would require FP=0 and FN=0 simultaneously) but it's not bad.

---rsk



_______________________________________________
mailop mailing list
[email protected]
http://chilli.nosignal.org/mailman/listinfo/mailop
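
An added example, not part of the original message: the decision logic behind items 1 and 2 (DNSBL lookup, FCrDNS check, per-address whitelist), written so it runs offline against constructed DNS data. The function names, the choice to reject on a DNSBL hit, the whitelist bypassing only the FCrDNS deferral, and IPv4-only handling are assumptions of this sketch.

```python
import ipaddress

DNSBL_ZONE = "zen.spamhaus.org"  # zone of the DNSBL named in item 1

def dnsbl_query_name(ip, zone=DNSBL_ZONE):
    """DNSBL lookup name: reversed IPv4 octets followed by the zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on bad input
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def has_fcrdns(ip, ptr_lookup, a_lookup):
    """True if any PTR name for ip resolves forward to the same ip."""
    return any(ip in a_lookup(name) for name in ptr_lookup(ip))

def decide(ip, sender, whitelist, ptr_lookup, a_lookup):
    """Return 'reject', 'defer' or 'accept' for one SMTP client."""
    answers = a_lookup(dnsbl_query_name(ip))
    # Only 127.0.0.x answers are listings; 127.255.255.x are error
    # codes from the DNSBL and must not be treated as a hit.
    if any(a.startswith("127.0.0.") for a in answers):
        return "reject"      # assumption: a DNSBL hit is rejected
    if has_fcrdns(ip, ptr_lookup, a_lookup):
        return "accept"
    # No FCrDNS: defer unless this sender address is whitelisted (item 2).
    return "accept" if sender.lower() in whitelist else "defer"

# Constructed sample DNS data (documentation address ranges only).
SAMPLE_PTR = {
    "192.0.2.10": ["mail.example.org"],
    "198.51.100.7": ["host7.example.net"],
    "203.0.113.5": ["mx.example.com"],
}
SAMPLE_A = {
    "mail.example.org": ["192.0.2.10"],
    "host7.example.net": ["198.51.100.99"],   # forward/reverse mismatch
    "mx.example.com": ["203.0.113.5"],
    "5.113.0.203.zen.spamhaus.org": ["127.0.0.2"],        # listed
    "10.2.0.192.zen.spamhaus.org": ["127.255.255.254"],   # error code
}
SAMPLE_WHITELIST = {"member@example.net"}  # constructed subscriber address

def sample_ptr(ip):
    return SAMPLE_PTR.get(ip, [])

def sample_a(name):
    return SAMPLE_A.get(name, [])

if __name__ == "__main__":
    for ip, sender in [("203.0.113.5", "x@example.com"),
                       ("198.51.100.7", "stranger@example.net"),
                       ("198.51.100.7", "member@example.net"),
                       ("192.0.2.10", "a@example.org")]:
        print(ip, sender,
              decide(ip, sender, SAMPLE_WHITELIST, sample_ptr, sample_a))
```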
