Blocking spam by IP number

[Bruce Perens]

I'm building a spam blocking package for Debian. While that is going on,
some of you might find this useful. Look for the SMTP daemon in
your /etc/inetd.conf . If it's being started through "tcpd", you'll see
an invocation of "tcpd" in the file on the same line just before the
invocation of the SMTP daemon, like this:

        smtp stream tcp nowait root /usr/sbin/tcpd /usr/sbin/sendmail -bs

then you already have "tcpd" filtering your mail connections. If that's
not the case, read the man page on "tcpd". Once "tcpd" is set up, you can
add the following text to the beginning of /etc/hosts.allow . This blocks
connections from AGIS, a haven for spammers. I'd be interested in hearing
about other IP addresses that should be blocked.

My final version will not simply deny the connections, but will output
an SMTP error to them which will cause an immediate mail bounce at their
end.

        Thanks

        Bruce

# Bounce  mail from hosts with names that don't match their own IP addresses.
# This is either a forgery or a DNS problem.
tcp-env qmail-smtpd in.smtpd in-smtpd smtpd sendmail smail exim: \
        PARANOID : deny

# The following net blocks are denied e-mail access because they belong to
# sites that have not yet established an effective anti-spam policy.

# AGIS provides net connectivity to most of the well-known spammers.
tcp-env qmail-smtpd in.smtpd in-smtpd smtpd sendmail smail exim: \
        205.254.160.0/255.255.224.0 \
        206.82.252.0/255.255.255.0 \
        207.142.0.0/255.255.0.0 \
        207.15.68.0/255.255.252.0 \
        208.18.18.0/255.255.255.0 \
        208.18.4.0/255.255.252.0 \
        209.14.0.0/255.255.0.0 \
        204.68.252.0/255.255.255.0 \
        204.137.128.0/255.255.128.0 \
        205.164.0.0/255.255.0.0 \
        206.62.0.0/255.255.0.0 \
        205.198.0.0/255.254.0.0 \
        206.42.0.0/255.254.0.0 \
        206.148.0.0/255.254.0.0 \
        206.185.0.0/255.255.0.0 \
        206.248.0.0/255.252.0.0 \
        206.84.0.0/255.254.0.0 \
        204.157.0.0/255.255.0.0: \
        deny

# Here's a catch-all rule that replaces Qmail's "tcp-env" program.
qmail-smtpd in.smtpd in-smtpd smtpd sendmail smail exim: \
        ALL: \
        rfc931 30: setenv PROTO TCP: setenv TCPLOCALHOST %H: \
        setenv TCPLOCALIP %A: setenv TCPREMOTEHOST %h: \
        setenv TCPREMOTEIP %a: setenv TCPREMOTEINFO %c: allow
-- 
Can you get your operating system fixed when you need it?
Linux - the supportable operating system. http://www.debian.org/support.html
Bruce Perens K6BP   [EMAIL PROTECTED]   510-215-3502


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
[EMAIL PROTECTED] . 
Trouble?  e-mail to [EMAIL PROTECTED] .