denversteve wrote:
I am running qmailrocks mail server and have not found a good answer to this
question for blocking IP instead of just processing the spam emails and
overwhelming my server.
Is there someone with a script to modify qmail-scanner-queue.pl or another
script to run /sbin/iptables to block a spam IP address on the first flagged
email, then maybe remove blocks from iptables after a day.
I know the number of ip addresses is huge with the viruses/spyware out there
so I find blocking the ip works great and I would rather have a user with a
fals positive contact me and I can unblock quickly or create a secret web
page they can visit that will remove they block.
My server is getting overwhelmed by spammers with 10K emails in an hour,
blocking countries has helped but not a very good fix.
I am an ASP/VB programmer would like bash or perl script that could run or a
direct mod to qmail scanner would really work great.
Watch out as legitimate mail servers send out messages that can be
flagged as spam. You'd be surprised how many people send HTML mail with
two words, a GIF signature, and no subject to their spouse. I wouldn't
want to block gmail due to getting one bad message from them.
To help with your problem, use black lists at your MTA. Reputable ones
do quite a bit of work to make sure there are minimal false positives
and require more than just one bad email from an IP. You then don't have
to worry about maintaining the list as they do additions and deletions.
The sender also gets a reason why they were rejected, instead of not
being able to communicate with your server. Greylisting, greet pause,
connection throttling all work as well.
Richard
