It is rumored that on or about 2002-08-14 11:40 AM -0500, Rick Osgood
wrote as follows:
>Well, pardon me. I don't really give a flippin' ".RU" what the
>suffix stands for, I just would like to hear from someone who can
>please tell me how to setup the router to either ignore or ban these.
Rick
Don't get discouraged! SIMS is well worth the learning pains. Take it
from a die-hard EIMS user who was forced into using SIMS when my EIMS
1.3 server was blacklisted as an open relay. I would now be VERY
reluctant to use anything other than SIMS.
A possible solution for your problem is router entries like mine:
*.ru = error ; russkie mail is always spam to me
*.cn = error ; chinese mail is always spam to me
*.kr = error ; korean mail is always spam to me
This ONLY works for incoming mail where the return path has one of
the 3 listed top level domains. It also prevents SIMS from SENDING
mail to any of these domains, which is useful if you have auto
responders or list serve software. Just yesterday the .cn entry
stopped a ListSTAR reply to a spammer that came from a non-.cn domain.
From my experience, routing to "spamtrap" does NOT work and routing
to NULL means that your server accepts the mail but then trashes it.
The ERROR routing bounces the mail during the SMTP handshake, and
uses none of your bandwidth.
You will still get spam from these domains if they fake the return
path (many do). The other tool you can use is your Blacklist. For
example, this entry:
218.13.0.0 - 218.18.255.255
will blacklist all of CHINANET Guangdong province network as shown here:
>Whois has started ...
>
>
>% How to use the APNIC Whois Database www.apnic.net/db/
>% Upgrade to Whois v3 on 20 August 2002 www.apnic.net/whois-v3
>% Whois data copyright terms www.apnic.net/db/dbcopyright.html
>
>inetnum: 218.13.0.0 - 218.18.255.255
>netname: CHINANET-GD
>descr: CHINANET Guangdong province network
>descr: Data Communication Division
>descr: China Telecom
>country: CN
>admin-c: CH93-AP
>tech-c: WM12-AP
>mnt-by: MAINT-CHINANET
>mnt-lower: MAINT-CHINANET-GD
>changed: [EMAIL PROTECTED] 20010528
>source: APNIC
Even mail that has a faked return path that originates from anywhere
in that IP block will be rejected.
I am not sure what IP blocks you need to blacklist to block all of
Russia, but my standard procedure is to wait until a spam gets
through my many defenses and then do a Whois on the received-from IP
number. If it looks like a netblock I am willing to live without, I
blacklist it.
--
Neil
Neil Herber, RGD
Corporate info at http://www.eton.ca/
Eton Systems, 15 Pinepoint Drive, Nepean, ON, Canada K2H 6B1
Tel: (613) 829-4668
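
Added example, not part of the message above and not SIMS code: a small Python model of the two checks the message describes, the return-path TLD rule and the IP-range blacklist, showing which one still catches mail with a faked return path. The function names, the order of the checks and the sample connections are assumptions made for illustration; the TLDs and the address range are the ones quoted in the message.

```python
import ipaddress

# Envelope-sender TLDs routed to "error" in the message's router entries.
BLOCKED_TLDS = {"ru", "cn", "kr"}
# Blacklist range from the message (CHINANET-GD in the quoted whois output).
BLACKLIST_RANGES = [("218.13.0.0", "218.18.255.255")]


def range_to_cidrs(first, last):
    """Convert a first-last range (whois 'inetnum' style) to CIDR networks."""
    return list(ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)))


BLACKLIST_NETS = [n for a, b in BLACKLIST_RANGES for n in range_to_cidrs(a, b)]


def sender_tld(return_path):
    """Top-level domain of an SMTP return path; '' for the null sender <>."""
    addr = return_path.strip().strip("<>")
    domain = addr.rpartition("@")[2].rstrip(".").lower()
    return domain.rpartition(".")[2]


def decide(client_ip, return_path):
    """Model of the two rejections; IP check first (an assumed order)."""
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in BLACKLIST_NETS):
        return "reject: blacklisted client IP"
    if sender_tld(return_path) in BLOCKED_TLDS:
        return "reject: return-path TLD"
    return "accept"


# Constructed sample connections: (connecting IP, envelope return path).
SAMPLES = [
    ("218.15.3.7", "<offers@example.com>"),   # in range, faked return path
    ("192.0.2.10", "<a@mail.example.ru>"),    # honest .ru return path
    ("192.0.2.10", "<offers@example.com>"),   # faked path, unlisted IP
    ("218.19.0.1", "<>"),                     # just outside the range
]

if __name__ == "__main__":
    print("CIDR form:", ", ".join(str(n) for n in BLACKLIST_NETS))
    for ip, path in SAMPLES:
        print(f"{ip:12} {path:24} -> {decide(ip, path)}")
```

The third sample is the case the message warns about: a faked return path from an address that is not yet blacklisted passes both checks.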