Hello All,
I just wanted to share my success with you guys. I have been on the list for many years running 3 postfix servers. We don't have a lot of clients, but enough to warrant millions of connections a month by spammers. I have been using the RBLs along with other methods but we still get way too much spam.

I have always used some firewall rules to block connections for port 25 from a variety of repeat offenders that connect to my servers, and maybe we blocked a million or two a month. This still allowed about 14K connections per hour to hit our servers and resulted in blocking over 3 million of them via spamhaus RBL in one month. Given that number, the amount of messages being checked by spamhaus was over the top and they even cut off the service to that particular server. Spam percentage was around 97% for these servers, and of the 3 percent we still received a lot of spam (a hundred on average in my mailbox per day between spam tagged with spamassassin and junk).

Finally, being aggressive, I started analyzing connections and what countries they came from. I compared that to top spam countries on spamhaus and decided to take an aggressive approach. I made a list from the web of IPs in the following countries:

    asian.list
    czech.list
    internal-h.list
    internal-m.list
    india.list
    poland.list
    turkey.list

The internal lists are from past IPs that abuse and continue to abuse our servers; the rest are all the CIDR listings from their respective countries. I fed this list into iptables to block/reject connections to port 25 from them. Now this list is a little big, and if you're expecting mail from them, then simply omit that list. I got the IP numbers from here:

http://www.countryipblocks.net/index.php

Now my firewall takes a little too long to load, and is using more memory than I would like, BUT is blocking an average of 40K messages an hour, which equates to just under 30 million SMTP connections a month.
This is saving a lot of additional overhead and additional resources in checking them against RBLs, CPU, bandwidth etc. I have at this point had NO false positives and have seen in my own personal spam a reduction of 90%. I'm not saying this is the definitive end-all method, but I am real happy with the results and have those 14K connections per hour making it to postfix down to about 4K-5K. This method won't be good for everyone, but if you have had enough, this is pretty good until something better comes along. It works!

Joey
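An added example, not part of Joey's post or his actual setup: one way to shrink the rule count behind the slow load and memory use he mentions is to merge overlapping and adjacent CIDRs across all the lists before generating the port 25 rules. The chain name `SMTP_BLOCK`, the one-CIDR-per-line format with `#` comments, and the sample addresses (documentation ranges) are assumptions.

```python
import ipaddress

# Constructed sample data; file names follow the post, contents are made up.
SAMPLE_LISTS = {
    "internal-h.list": "# repeat offenders\n198.51.100.0/25\n"
                       "198.51.100.128/25\n198.51.100.7\n",
    "poland.list": "203.0.113.0/24\n203.0.113.64/26\nnot-a-cidr\n\n",
}

def parse_list(text):
    """Return (networks, rejected_lines) for the body of one list file."""
    nets, bad = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        try:
            # strict=False accepts entries with host bits set (10.1.2.3/8)
            nets.append(ipaddress.ip_network(line, strict=False))
        except ValueError:
            bad.append(raw)                   # keep for review, never guess
    return nets, bad

def build_ruleset(lists, chain="SMTP_BLOCK", target="REJECT"):
    """Merge every list and return (iptables-restore text, rejected lines)."""
    v4, bad = [], []
    for name in sorted(lists):
        nets, rejected = parse_list(lists[name])
        v4 += [n for n in nets if n.version == 4]   # iptables handles IPv4
        bad += [f"{name}: {r}" for r in rejected]
    # collapse_addresses folds duplicates, subnets and adjacent blocks
    merged = list(ipaddress.collapse_addresses(v4))
    lines = ["*filter", f":{chain} - [0:0]"]        # hypothetical chain name
    lines += [f"-A {chain} -s {n} -p tcp --dport 25 -j {target}"
              for n in merged]
    lines.append("COMMIT")
    return "\n".join(lines) + "\n", bad

if __name__ == "__main__":
    ruleset, skipped = build_ruleset(SAMPLE_LISTS)
    print(ruleset, end="")
    for entry in skipped:
        print("skipped:", entry)
```

The output is in `iptables-restore` format, so it can be loaded in one pass with `iptables-restore --noflush`; a jump from `INPUT` to the chain still has to exist for the rules to take effect.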