These are all good ideas and each of them would be more efficient than blocking in spamdyke.
Everything revolves around how you determine if an IP address is "non-US". You need a list of IPs (or ranges) from somewhere. Once you have that list, you can block them at the router, at the server's kernel-level firewall or in spamdyke. If you only want to block by rDNS country code, you can just list those in spamdyke's rDNS blacklist. -- Sam Clippinger Bgs wrote: > Hi, > > You can probably tune on the settings first I think. I had an Athlon XP, > 1.5GB, sata software raid1 server which topped at 8million spam/day. Of > course it was very loaded but still no lost mail. With your config and > ~1.1 million mail/day you should be ok. > > But to get back to your original question: There are multiple levels > where you can do it. Deciding which to use depends on the type of > filtering you'd like to achieve. Here are them from low to high: > > - Get a geoip db, get the US ranges and do a separate chain in your > firewall and whitelist those. update it about once a week. I use this to > block Chinese traffic on some servers. You'd just do the opposite. > - Patch the kernel and add geoip support and drop all non-us traffic to > your smtp port. > - Patch the kernel and do an AS based filtering. You will still need to > get the AS list. > - Similar to the above iptables chain you could do a similar thing from > tcpserver or ipvsd. > > > You could also set up some IP limiter which will block much of your spam > traffic while not blocking the non-us world in general. > > The ways of the Net are endless :D > > Regards > Bgs > > > > Kyle Quillen wrote: > >> When you say do it on the IP level what do you mean? >> >> >> Well based on my spamassassin graphs it is about 8000 messages on a ten >> minute average. spamassassin is what is killing me. >> >> Thoughts? >> >> Thanks >> Kyle >> >> >> >> On Fri, 2008-05-23 at 17:25 +0200, Bgs wrote: >> >>> Hi, >>> >>> >>> I think you'd better do it on IP level.... much more efficient. >>> >>> May I ask how big is that traffic that causes the problem? mail/day, >>> cuncurrent connections, etc. >>> >>> >>> Regards >>> Bgs >>> >>> Kyle Quillen wrote: >>> >>>> Hello all, >>>> >>>> I am dealing a very high load on one of my servers and it is causing all >>>> kinds of issues. It is a qmail toaster box with 6 gigs of ram and >>>> quadcore 3.2 ghz processors. What I am wanting to know is there a way >>>> that I can block all non-us ips in spamdyke? >>>> >>>> > _______________________________________________ > spamdyke-users mailing list > [email protected] > http://www.spamdyke.org/mailman/listinfo/spamdyke-users > _______________________________________________ spamdyke-users mailing list [email protected] http://www.spamdyke.org/mailman/listinfo/spamdyke-users
