I think it would be better to put geoip in a reverse DNS setup. Doesn't need any special software. Just generate a reverse DNS file for tinydns (most qmail setups have it installed anyway). This way lookup caching is automatically done, no need to change spamdyke and the same system can be used for other purposes as well. The only change needed in spamdyke would be the geoip dns lookup which won't be a big hassle. (The DNS answer would explicitly contain the geo ip, AS, etc. info). If there is enough demand for it I can do the DNS part. Sam should be able to do a quick patch on spamdyke part if he agrees.
Regards Bgs Peter Kieser wrote: > Would be interesting to see spamdyke support some kind of GeoIP > database, like Maxmind GeoIP: > > http://www.maxmind.com/download/geoip/database/ > > -Peter > > Sam Clippinger wrote, On 5/23/2008 1:33 PM: >> These are all good ideas and each of them would be more efficient than >> blocking in spamdyke. >> >> Everything revolves around how you determine if an IP address is >> "non-US". You need a list of IPs (or ranges) from somewhere. Once you >> have that list, you can block them at the router, at the server's >> kernel-level firewall or in spamdyke. If you only want to block by rDNS >> country code, you can just list those in spamdyke's rDNS blacklist. >> >> -- Sam Clippinger >> >> Bgs wrote: >> >>> Hi, >>> >>> You can probably tune on the settings first I think. I had an Athlon XP, >>> 1.5GB, sata software raid1 server which topped at 8million spam/day. Of >>> course it was very loaded but still no lost mail. With your config and >>> ~1.1 million mail/day you should be ok. >>> >>> But to get back to your original question: There are multiple levels >>> where you can do it. Deciding which to use depends on the type of >>> filtering you'd like to achieve. Here are them from low to high: >>> >>> - Get a geoip db, get the US ranges and do a separate chain in your >>> firewall and whitelist those. update it about once a week. I use this to >>> block Chinese traffic on some servers. You'd just do the opposite. >>> - Patch the kernel and add geoip support and drop all non-us traffic to >>> your smtp port. >>> - Patch the kernel and do an AS based filtering. You will still need to >>> get the AS list. >>> - Similar to the above iptables chain you could do a similar thing from >>> tcpserver or ipvsd. >>> >>> >>> You could also set up some IP limiter which will block much of your spam >>> traffic while not blocking the non-us world in general. >>> >>> The ways of the Net are endless :D >>> >>> Regards >>> Bgs >>> >>> >>> >>> Kyle Quillen wrote: >>> >>> >>>> When you say do it on the IP level what do you mean? >>>> >>>> >>>> Well based on my spamassassin graphs it is about 8000 messages on a ten >>>> minute average. spamassassin is what is killing me. >>>> >>>> Thoughts? >>>> >>>> Thanks >>>> Kyle >>>> >>>> >>>> >>>> On Fri, 2008-05-23 at 17:25 +0200, Bgs wrote: >>>> >>>> >>>>> Hi, >>>>> >>>>> >>>>> I think you'd better do it on IP level.... much more efficient. >>>>> >>>>> May I ask how big is that traffic that causes the problem? mail/day, >>>>> cuncurrent connections, etc. >>>>> >>>>> >>>>> Regards >>>>> Bgs >>>>> >>>>> Kyle Quillen wrote: >>>>> >>>>> >>>>>> Hello all, >>>>>> >>>>>> I am dealing a very high load on one of my servers and it is causing all >>>>>> kinds of issues. It is a qmail toaster box with 6 gigs of ram and >>>>>> quadcore 3.2 ghz processors. What I am wanting to know is there a way >>>>>> that I can block all non-us ips in spamdyke? >>>>>> >>>>>> >>>>>> >>> _______________________________________________ >>> spamdyke-users mailing list >>> [email protected] >>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users >>> >>> >> _______________________________________________ >> spamdyke-users mailing list >> [email protected] >> http://www.spamdyke.org/mailman/listinfo/spamdyke-users >> > > _______________________________________________ > spamdyke-users mailing list > [email protected] > http://www.spamdyke.org/mailman/listinfo/spamdyke-users > _______________________________________________ spamdyke-users mailing list [email protected] http://www.spamdyke.org/mailman/listinfo/spamdyke-users
