> -----Original Message-----
> From: chteh [mailto:[EMAIL PROTECTED]
> Sent: Monday, October 13, 2008 11:38 AM
> To: Joey
> Subject: Re: Finally blocking some spam
>
> Dear Joey,
>
> Thanks for your email, I am running 3 postfix mail servers too in our
> research lab.
>
> I am quite interested in your method. Would you elaborate more about
> your way to block spam? Here, mostly what we did is use postgrey and
> spamassassin, where this combination of the 2 works like a charm also.
>
> But I am willing to learn more methods to block spam; would you share your
> experiences with us too?
>
> Thanks.
>
> --
>
> Best regards,
>
> Simon Teh
>
> Network and System Administrator
> National Advanced IPv6
> Centre of Excellence,
> School of Computer Science,
> Universiti Sains Malaysia
>
Hey Simon,

For us greylisting was a problem because it put a big delay on email when you were sitting waiting for a message from someone you were talking to, but that catches A LOT of email.

Basically you take a list of IP blocks by country or manual lists like so:

    91.124.0.0/9
    92.113.0.0/9
    92.112.0.0/9
    83.110.0.0/9
    217.132.0.0/9
    71.0.0.0/8

These above connected to my server over the past 24 hours about 4K times.

You feed these into iptables like so:

    iptables -A INPUT -s 91.124.0.0/9 -p tcp -j LOG --log-prefix "SPAM-BLOCK-CIDR-LIST_NAME_HERE"
    iptables -A INPUT -s 91.124.0.0/9 -p tcp -m tcp --dport 25 -j DROP

You can then tail /var/log/messages and see how many times you get SPAM-BLOCK working.

I wrote a script to tail messages and count the number of times the "SPAM-BLOCK" entry shows up. When I run that script I get the original line from messages along with the first part of the line, which shows:

    [RunTime:20 seconds]--[Spam:242]--[MsgHour:43560.00]-- Original Message here

That's how I know the numbers I represented in my email.

Here is an example of an additional line which is generated by a similar application tailing maillog:

    -----------------[MsgHour:4947.95]------------------------------[ TMsg:6644]---[GMsg:227 3%]---[TSpam:6416 97%]-----[RunTime:1 hour, 20 minutes and 34 seconds]-------

While I did check that I was getting spam from these sources in some cases, I went blindly to those top spam countries. My clients are good about letting me know when they aren’t getting email.
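
Added example, not part of the original message and not Joey's script: a Python sketch of the counting step described above, which also reports the network each listed CIDR actually matches once host bits are masked off (91.124.0.0/9 is matched as 91.0.0.0/9). The sample log lines, hostname, list name and function names are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# CIDR entries as written in the message above.
BLOCKLIST = ["91.124.0.0/9", "92.113.0.0/9", "92.112.0.0/9",
             "83.110.0.0/9", "217.132.0.0/9", "71.0.0.0/8"]

# Constructed sample lines in kernel LOG format (all values made up). The
# prefix runs into "IN=" because the --log-prefix has no trailing space.
SAMPLE_LOG = """\
Oct 13 12:00:01 mx1 kernel: SPAM-BLOCK-CIDR-demoIN=eth0 OUT= SRC=91.10.20.30 DST=192.0.2.25 PROTO=TCP SPT=40112 DPT=25
Oct 13 12:00:03 mx1 kernel: SPAM-BLOCK-CIDR-demoIN=eth0 OUT= SRC=91.99.0.1 DST=192.0.2.25 PROTO=TCP SPT=40113 DPT=25
Oct 13 12:00:04 mx1 sshd[812]: Accepted publickey for admin from 192.0.2.7
Oct 13 12:00:09 mx1 kernel: SPAM-BLOCK-CIDR-demoIN=eth0 OUT= SRC=92.50.1.1 DST=192.0.2.25 PROTO=TCP SPT=51000 DPT=25
Oct 13 12:00:15 mx1 kernel: SPAM-BLOCK-CIDR-demoIN=eth0 OUT= SRC=71.200.3.4 DST=192.0.2.25 PROTO=TCP SPT=33211 DPT=443
"""

LOG_RE = re.compile(r"SPAM-BLOCK.*?\bSRC=([0-9.]+).*?\bDPT=(\d+)")


def effective_networks(entries):
    """Network each entry really matches: host bits are masked off."""
    return {e: str(ipaddress.ip_network(e, strict=False)) for e in entries}


def count_hits(log_text, entries, smtp_only=False):
    # Deduplicate: two written entries can collapse to the same network.
    nets = {ipaddress.ip_network(n) for n in effective_networks(entries).values()}
    hits = Counter()
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if not m or (smtp_only and m.group(2) != "25"):
            continue  # not a SPAM-BLOCK line, or not SMTP when filtering
        src = ipaddress.ip_address(m.group(1))
        for net in nets:
            if src in net:
                hits[str(net)] += 1
    return hits


def status_line(spam, runtime_seconds):
    """Format a counter line like the one quoted in the message."""
    per_hour = spam * 3600 / runtime_seconds
    return f"[RunTime:{runtime_seconds} seconds]--[Spam:{spam}]--[MsgHour:{per_hour:.2f}]--"


if __name__ == "__main__":
    for entry, net in effective_networks(BLOCKLIST).items():
        print(f"{entry:>16} -> {net}")
    print(status_line(sum(count_hits(SAMPLE_LOG, BLOCKLIST).values()), 20))
```

Because the LOG rule in the message has no --dport match, it records every TCP connection from the source range, so smtp_only=True gives the count that corresponds to the port 25 DROP rule.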