On Tue, 2004-07-20 at 10:28, Robert Bartlett wrote: > Has anyone tried blocking by ip? Meaning I read somewhere you can block > access via the tcp.smtp file for qmail. Has anyone done this? If so is this > a good solution? Would you recommend this? If you do recommend this, then > what exactly do I look for in the headers to get the proper address to > block? > > Thanks > Robert
I ran some analysis on spam messages received here and put the top dozen IP addresses in the iptables rules to block smtp from those sites. Had a large number of hits in subsequent days from those IP addresses. But maintaining that would have become a nightmare. I did find a solution that had dramatic results. I implemented milter-greylist. This has reduced the number of spam messages that spamassassin processes dramatically. We went from 3000 to 6000 spam messages a day to 3 to 8 spam messages a day. The basic concept is very simple but the results are way beyond what I ever expected. During initial setup I made sure that we white listed known correspondents so their email would not be delayed. And I have since reduced the default delay period so legit MTAs that retry quickly will get their email through without a large delay. So far this has worked out great. There are a couple of different packages available to implement greylisting. The one I chose was easy to setup and does an excellent job. I know some have concerns over the delay and possibly the rejection of legitimate email. So far I have not run into problems with that. YMMV. Over all this in combination with spamassassin has allowed me to push the spam problem to the far back burner so I can concentrate on other problems (damn netgear VPNs....) -- Scot L. Harris [EMAIL PROTECTED] operation failed because: there is no message for this error (#1014)
