Did you found the ips whois spamming your server? Have a detailed log file?
Nightduke 2008/5/27, Bgs <[EMAIL PROTECTED]>: > > I think it would be better to put geoip in a reverse DNS setup. > Doesn't need any special software. Just generate a reverse DNS file for > tinydns (most qmail setups have it installed anyway). This way lookup > caching is automatically done, no need to change spamdyke and the same > system can be used for other purposes as well. The only change needed in > spamdyke would be the geoip dns lookup which won't be a big hassle. (The > DNS answer would explicitly contain the geo ip, AS, etc. info). If there > is enough demand for it I can do the DNS part. Sam should be able to do > a quick patch on spamdyke part if he agrees. > > > Regards > Bgs > > Peter Kieser wrote: > > Would be interesting to see spamdyke support some kind of GeoIP > > database, like Maxmind GeoIP: > > > > http://www.maxmind.com/download/geoip/database/ > > > > -Peter > > > > Sam Clippinger wrote, On 5/23/2008 1:33 PM: > >> These are all good ideas and each of them would be more efficient than > >> blocking in spamdyke. > >> > >> Everything revolves around how you determine if an IP address is > >> "non-US". You need a list of IPs (or ranges) from somewhere. Once you > >> have that list, you can block them at the router, at the server's > >> kernel-level firewall or in spamdyke. If you only want to block by rDNS > >> country code, you can just list those in spamdyke's rDNS blacklist. > >> > >> -- Sam Clippinger > >> > >> Bgs wrote: > >> > >>> Hi, > >>> > >>> You can probably tune on the settings first I think. I had an Athlon XP, > >>> 1.5GB, sata software raid1 server which topped at 8million spam/day. Of > >>> course it was very loaded but still no lost mail. With your config and > >>> ~1.1 million mail/day you should be ok. > >>> > >>> But to get back to your original question: There are multiple levels > >>> where you can do it. Deciding which to use depends on the type of > >>> filtering you'd like to achieve. Here are them from low to high: > >>> > >>> - Get a geoip db, get the US ranges and do a separate chain in your > >>> firewall and whitelist those. update it about once a week. I use this to > >>> block Chinese traffic on some servers. You'd just do the opposite. > >>> - Patch the kernel and add geoip support and drop all non-us traffic to > >>> your smtp port. > >>> - Patch the kernel and do an AS based filtering. You will still need to > >>> get the AS list. > >>> - Similar to the above iptables chain you could do a similar thing from > >>> tcpserver or ipvsd. > >>> > >>> > >>> You could also set up some IP limiter which will block much of your spam > >>> traffic while not blocking the non-us world in general. > >>> > >>> The ways of the Net are endless :D > >>> > >>> Regards > >>> Bgs > >>> > >>> > >>> > >>> Kyle Quillen wrote: > >>> > >>> > >>>> When you say do it on the IP level what do you mean? > >>>> > >>>> > >>>> Well based on my spamassassin graphs it is about 8000 messages on a ten > >>>> minute average. spamassassin is what is killing me. > >>>> > >>>> Thoughts? > >>>> > >>>> Thanks > >>>> Kyle > >>>> > >>>> > >>>> > >>>> On Fri, 2008-05-23 at 17:25 +0200, Bgs wrote: > >>>> > >>>> > >>>>> Hi, > >>>>> > >>>>> > >>>>> I think you'd better do it on IP level.... much more efficient. > >>>>> > >>>>> May I ask how big is that traffic that causes the problem? mail/day, > >>>>> cuncurrent connections, etc. > >>>>> > >>>>> > >>>>> Regards > >>>>> Bgs > >>>>> > >>>>> Kyle Quillen wrote: > >>>>> > >>>>> > >>>>>> Hello all, > >>>>>> > >>>>>> I am dealing a very high load on one of my servers and it is causing > >>>>>> all > >>>>>> kinds of issues. It is a qmail toaster box with 6 gigs of ram and > >>>>>> quadcore 3.2 ghz processors. What I am wanting to know is there a way > >>>>>> that I can block all non-us ips in spamdyke? > >>>>>> > >>>>>> > >>>>>> > >>> _______________________________________________ > >>> spamdyke-users mailing list > >>> [email protected] > >>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users > >>> > >>> > >> _______________________________________________ > >> spamdyke-users mailing list > >> [email protected] > >> http://www.spamdyke.org/mailman/listinfo/spamdyke-users > >> > > > > _______________________________________________ > > spamdyke-users mailing list > > [email protected] > > http://www.spamdyke.org/mailman/listinfo/spamdyke-users > > > _______________________________________________ > spamdyke-users mailing list > [email protected] > http://www.spamdyke.org/mailman/listinfo/spamdyke-users > _______________________________________________ spamdyke-users mailing list [email protected] http://www.spamdyke.org/mailman/listinfo/spamdyke-users
