I imported a spamhaus blacklist into my Alias and it's really slowed things down.
Derrick Conner -----Original Message----- From: Glenn Kelley [mailto:[EMAIL PROTECTED] Sent: Monday, September 29, 2008 2:40 AM To: [email protected] Subject: Re: [pfSense Support] blocking spammers xml to bring up an old conversation... We literally have seen a drop in spam across the network of about 93% I have redirected the mail coming from those ip ranges to a different server - and pretty much 99% (all but just a few emails_) were actually junk mail. Great stuff. :-) On Sep 23, 2008, at 12:20 AM, Glenn Kelley wrote: > I did these a little different... > in XML I added > > in filters section > <filters> > > > <rule> > <type>block</type> > <interface>wan</interface> > <max-src-nodes/> > <max-src-states/> > <statetimeout/> > <statetype>keep state</statetype> > <os></os> > <protocol>tcp/udp</protocol> > <source> > <address>spammers</address> > </source> > <destination> > <any/> > <port>25</port> > </destination> > <descr>spammers</descr> > </rule> > > > </filters> > > then below the rules / filters section > > > > <aliases> > <alias> > <name>spammers</name> > <address>66.0.0.0/8 66.0.0.0/8 78.0.0.0/8 79.0.0.0/8 80.0.0.0/8 > 81.0.0.0/8 82.0.0.0/8 83.0.0.0/8 84.0.0.0/8 85.0.0.0/8 86.0.0.0/8 > 87.0.0.0/8 88.0.0.0/8 89.0.0.0/8 90.0.0.0/8 91.0.0.0/8 92.0.0.0/8 > 93.0.0.0/8 94.0.0.0/8 95.0.0.0/8 116.0.0.0/8 121.0.0.0/8 122.0.0.0/8 > 123.0.0.0/8 124.0.0.0/8 125.0.0.0/8 194.0.0.0/8 195.0.0.0/8 > 200.0.0.0/8 201.0.0.0/8 202.0.0.0/8 203.0.0.0/8 210.0.0.0/8 > 190.0.0.0/8</address> > <descr>SMTP Block Known Spam Networks</descr> > <type>network</type> > <detail>smtp block spam Canada||smtp block Spam Canada||smtp > block Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam > Amsterdam||smtp block Spam Amsterdam||smtp block Spam Amsterdam|| > smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp block > Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam > Amsterdam||smtp block Spam Amsterdam||smtp block Spam Amsterdam|| > smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp block > Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam > Amsterdam||smtp block Spam Amsterdam||smtp block Spam Asia||smtp > block Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam > Amsterdam||smtp block Spam Amsterdam||smtp block Spam Amsterdam|| > smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp block > Spam Mexico||smtp block Spam Mexico||smtp block Spam Mexico||smtp > block Spam Mexico||smtp block Spam Mexico||smtp block Spam Mexico||</ > detail> > </alias> > </aliases> > > > Seems to work well. > > On Sep 22, 2008, at 9:25 PM, Derrick Conner wrote: > >> I've attached my cleaned up XML of all the subnets I block. Feel >> free to post it, or whatever you want to do with it. I would have >> sent >> it to Joe Laffey, but I think my spam filter got him. >> >> >> Derrick >> >> -----Original Message----- >> From: Glenn Kelley [mailto:[EMAIL PROTECTED] >> Sent: Monday, September 22, 2008 10:43 AM >> To: [email protected] >> Subject: Re: [pfSense Support] blockign china >> >> I would need to know perl . >> >> I have given my wife a few of those in the past.... >> hmmm >> >> going to her jewlery box >> >> all kidding aside - i think your right. >> >> I will see what I can come up w/ - i think this might help the >> pfsense >> community @ large. >> In fact - it seems simple enough - it might make a very simple pkg >> >> just a thought - >> >> I think if it were a pkg - it could then parse those lists every >> month >> or so - cron job 1 time per month >> and then reinject the changes >> >> This way it stays up to date... >> >> I would say 95% of the hacking attempts we are seeing in our >> datacenter are all out of China and Korea - >> the last 5 % would be say 4% from Russia and 1% from script kiddies >> in >> the US >> >> Then again 99.256% of all statistics are made up 98.721% of the time >> >> I know my #'s are close however >> >> Glenn >> >> >> On Sep 22, 2008, at 10:08 AM, Joe Laffey wrote: >> >>> On Mon, 22 Sep 2008, Glenn Kelley wrote: >>> >>>> Thanks Joe - >>>> >>>> I saw that... >>>> >>>> My concern was typing all of those into the system one by one by >>>> one... >>>> >>>> Its okay if I gotta do it :-) >>>> My hope was that someone already has - and that they could put out >>>> that part of their xml file - so the community could all benefit. >>> >>> >>> I would think you could write a perl script to convert those into a >>> segment of XML that you could then paste into a saved config. Then >>> reload that config. >>> >>> >>> >>> -- >>> Joe Laffey | Visual Effects for Film and Video >>> LAFFEY Computer Imaging | >>> ------------------------------------- >>> St. Louis, MO | Show Reel http://LAFFEY.tv/?e11861 >>> USA | >>> ------------------------------------- >>> . | -*- Digital Fusion Plugins -*- >>> >> ------------------------------------------------------------------------ >> -- >>> >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: [EMAIL PROTECTED] >>> For additional commands, e-mail: [EMAIL PROTECTED] >>> >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [EMAIL PROTECTED] >> For additional commands, e-mail: [EMAIL PROTECTED] >> >> <Big >> Spammers >> .zip >> > >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [EMAIL PROTECTED] >> For additional commands, e-mail: [EMAIL PROTECTED] > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
