Carlos Williams put forth on 2/28/2010 10:02 PM:
> On Sun, Feb 28, 2010 at 5:27 PM, Stan Hoeppner <s...@hardwarefreak.com> wrote:
>> Carlos, I think it's time you join spam-l and learn all the tricks to
>> fighting spam.  http://spam-l.com/mailman/listinfo/spam-l
> 
> Thanks. I will research this and see what I can learn from that list.

If you sub the list, ask Rich K about ipdeny.  I learned about it from him.
He's been a spam fighter since 1994 (maybe earlier).  He's old school.  As
is Chris Lewis.  Pay close attention to his posts.  He's head of network
security at Nortel networks, as well as the creator/maintainer of a major
dnsbl, although I can't say which, lest I be shot. ;)  The creator of
Enemies List, Steven Champeon, is also a member, very sharp guy.  Lots of
experience on spam-l going waaay back.  Many of the folks on the list
predate SMTP.

>> You could have blocked this spam with any number of methods, the simplest
>> being adding the following to main.cf:
>>
>> smtpd_recipient_restrictions =
>>       reject_rbl_client zen.spamhaus.org
> 
> I do have this in my main.cf. I don't know why it didn't reject it if
> I have zen.spamhaus.org in my config unless it was added after the
> spam was sent to me. Do you know? I have attached my output of
> 'postconf -n' below.

Look at the date/time stamp on the email transaction in your log, then check
it against the CBL.  If you reported it here the same day you received it,
then CBL already had it listed.  The CBL is incorporated into Spamhaus ZEN,
but it's easier to check if an IP is listed using the CBL website than the
Spamhaus website.

> Is there a guide on how I can build a cidr table and block ALL mail from
> Russia? I don't ever want / need mail from Russia and don't know how
> to build this table and how to force Postfix to use the list.

You don't need a guide.  Just download the country files you want to block
from ipdeny.com and add "REJECT" to the end of each line in the file so
Postfix can use it, something like this:

sed 's/$/ REJECT Russian email not welcome/g' ru.zone > russia.cidr

Stick russia.cidr in /etc/postfix/ and to smtpd_recipient_restrictions,
close to the top, add:

check_client_access cidr:/etc/postfix/russia.cidr

This will block all smtp connections originating from Russian IP space.

Using ipdeny country listings is a simple and very effective way to stop a
lot of spam.  If you are sure you'll never need to receive email from a
given country, using ipdeny cidr listings is the single most effective way
to block spam from those countries.  It's cheap on resources too, compared
to dnsbl lookups.

-- 
Stan

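The zone-to-table conversion described in the message above, as an added example that is not part of the original post: it produces the same "network REJECT text" lines as the sed one-liner, but checks each line first so a truncated download or an HTML error page does not end up in the Postfix table. The names zone_to_cidr and sample_zone are hypothetical, and the sample input is constructed from documentation address ranges.

```shell
#!/bin/sh
# Added example: validate an ipdeny-style zone file while turning it into a
# Postfix cidr: table. zone_to_cidr and sample_zone are hypothetical names.

# zone_to_cidr ZONEFILE ACTION  -> table on stdout, rejected lines on stderr.
# Returns 1 if any line was not a well-formed IPv4 network/prefix.
zone_to_cidr() {
    awk -v action="$2" '
        { sub(/\r$/, "") }                      # tolerate CRLF downloads
        /^[ \t]*(#.*)?$/ { next }               # skip blank and comment lines
        {
            ok = (NF == 1 && $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\/[0-9]+$/)
            split($1, p, "[./]")                # p[1..4] octets, p[5] prefix
            for (i = 1; ok && i <= 4; i++) if (p[i] > 255) ok = 0
            if (ok && p[5] > 32) ok = 0
            if (!ok) {
                printf "line %d rejected: %s\n", NR, $0 > "/dev/stderr"
                bad = 1
                next
            }
            printf "%s\t%s\n", $1, action
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: documentation ranges plus two lines a bad download
# could contain. Not real ipdeny data.
sample_zone() {
    cat <<'EOF'
# constructed sample zone
192.0.2.0/24
198.51.100.0/24
<html>502 Bad Gateway</html>
203.0.113.0/33
EOF
}

tmp=$(mktemp)
sample_zone > "$tmp"
if zone_to_cidr "$tmp" "REJECT Russian email not welcome"; then
    echo "clean: safe to install as /etc/postfix/russia.cidr"
else
    echo "bad lines found: keep the previous table" >&2
fi
rm -f "$tmp"
```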