On Mon, 24 Feb 2003 12:07, Mark Lijftogt wrote: > In comparisin with a mail adress probe, wich I recive 30 times a day if I > don't completly block a couple of hongarian and chinese ISP's, the domain > is useless for any commercial form, and does harm me in a financial way if > I realy don't do anything about it.
Below is part of my blocking list from one server. The entries below were all put in as a direct result of spam. In the case of Kornet and chinanet every time they spammed me I blocked the netblock in question. I probably haven't blocked all of those ISPs, just the parts that spam me excessively. The DNSBL services work well for most spammers, but some of those big Asian ISPs just have too many IP addresses for them to work well for anything other than blanket blocking. # stop this machine from emailing crap to us ipchains -A input -l -j DENY -s 195.188.16.215 # kornet is a spam haven 61.72.0.0 - 61.77.255.255 blocked ipchains -A input -l -j REJECT -p tcp -s 61.72.0.0/14 -d 0.0.0.0/0 smtp ipchains -A input -l -j REJECT -p tcp -s 61.76.0.0/15 -d 0.0.0.0/0 smtp # kornet is a spam haven 211.197.188.0-211.197.200.255 blocked ipchains -A input -l -j REJECT -p tcp -s 211.197.188.0/22 -d 0.0.0.0/0 smtp ipchains -A input -l -j REJECT -p tcp -s 211.197.192.0/21 -d 0.0.0.0/0 smtp ipchains -A input -l -j REJECT -p tcp -s 211.197.200.0/24 -d 0.0.0.0/0 smtp # kornet is a spam haven 211.194.106.64-211.194.106.127 blocked ipchains -A input -l -j REJECT -p tcp -s 211.194.106.64/26 -d 0.0.0.0/0 smtp # kornet is a spam haven 211.217.138.0-211.217.143.255 blocked ipchains -A input -l -j REJECT -p tcp -s 211.217.138.0/23 -d 0.0.0.0/0 smtp ipchains -A input -l -j REJECT -p tcp -s 211.217.140.0/22 -d 0.0.0.0/0 smtp # kornet is a spam haven 211.229.24.0-211.229.36.255 blocked ipchains -A input -l -j REJECT -p tcp -s 211.229.24.0/21 -d 0.0.0.0/0 smtp ipchains -A input -l -j REJECT -p tcp -s 211.229.32.0/22 -d 0.0.0.0/0 smtp ipchains -A input -l -j REJECT -p tcp -s 211.229.36.0/24 -d 0.0.0.0/0 smtp # kornet is a spam haven 211.48.62.0-211.48.63.255 blocked ipchains -A input -l -j REJECT -p tcp -s 211.48.62.0/23 -d 0.0.0.0/0 smtp # chinanet.net is a spam haven 202.98.32.0-202.98.63.255 blocked ipchains -A input -l -j REJECT -p tcp -s 202.98.32.0/19 -d 0.0.0.0/0 smtp # hananet is a spam haven 211.200.118.0-211.200.119.255 blocked ipchains -A input -l -j REJECT -p tcp -s 211.200.118.0/23 -d 0.0.0.0/0 smtp # chinanet.net is a spam haven 218.75.128.0 - 218.77.127.255 blocked ipchains -A input -l -j REJECT -p tcp -s 218.75.128.0/16 -d 0.0.0.0/0 smtp ipchains -A input -l -j REJECT -p tcp -s 218.76.128.0/15 -d 0.0.0.0/0 smtp # chinanet.cn.net is a spam haven 61.163.224.128 - 61.163.224.135 blocked ipchains -A input -l -j REJECT -p tcp -s 61.163.224.0/24 -d 0.0.0.0/0 smtp # chinanet.cn.net is a spam haven 218.6.0.0 - 218.6.127.255 blocked ipchains -A input -l -j REJECT -p tcp -s 218.6.0.0/17 -d 0.0.0.0/0 smtp # chinanet.cn.net is a spam haven 218.28.0.0 - 218.29.255.255 blocked ipchains -A input -l -j REJECT -p tcp -s 218.28.0.0/15 -d 0.0.0.0/0 smtp # korea.com is a spam haven 210.221.83.0-210.221.83.255 blocked ipchains -A input -l -j REJECT -p tcp -s 210.221.83.0/24 -d 0.0.0.0/0 smtp # stop this broken Chinese web crawler from attacking us ipchains -A input -l -j DENY -s 139.175.250.0/24 # stop the stupid naver-mailer from attacking us ipchains -A input -l -j DENY -p tcp -s 211.218.150.0/24 -d 0.0.0.0/0 smtp -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
