----- Original Message ----- From: "Paul Murphy" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, November 01, 2004 10:26 AM Subject: [Mimedefang] Blocking spam senders using IPTables?
> Given that real mail from these sites is unlikely, I'm tempted to implement a > system of blocking all traffic from these IP addresses using the following > scheme: > > A. Add a date/time stamped record to a database with that IP address as the > key, and a spam count of 1 > B. If the number of records matching that IP is now 3 or more, modify the > IPTables system to drop all traffic from that IP with an ICMP Host-Prohibited > message > C. Run a daily expiry process which removes all records which are more than X > days old (with X starting at 10 days) and which removes the IPTables entry if > the new count is less than 3. Watch out for mail services that forward e-mail to your users. Think this: A user has an MSN account that gets a lot of spam, and that user sets his MSN account to forward to his local mailbox. Blam! You no longer receive _any_ email from MSN. _______________________________________________ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
