On Aug 23, 2009, at 8:08, Byung-Hee HWANG wrote:
At Sat, 22 Aug 2009 08:56:28 -0700,
Security Admin (NetSec) wrote:
[1 <text/plain; us-ascii (quoted-printable)>]
Could someone provide links to sites where IP addresses are grouped
by country? ASNs would work too but would prefer IP lists that I
could put in a file that my postfix mail gateway could read.
Obvious countries like China and Brazil I would like to block
wholesale. Thanks in advance!
[2 <text/html; us-ascii (quoted-printable)>]
Please don't do that. There are many open source committers in Asia
and Brasil. You need time to think about that seriously.
I block netblocks wholesale, if the netblock is outside the USA, when
I get a single spam from the netblock. I used to dig deeper into
APNIC or AFRINIC or BRNIC or LACNIC or RIPE (or... or ...) to block
only the offending ISP, but then I realized that I and the people
using my mail server have essentially no need to communicate directly
with anyone outside the USA. Also, I have found that nearly 100% of
my spam originates from APNIC and BRNIC netblocks.
After implementing this sort of filtering, I have watched my spam load
drop from 1,000+ spams a day to a few dozen, sometimes as low as only
5 or so spams a day.
As to what I do, I use iptables to drop all packets from offending
networks. In addition to not being able to connect to my Postfix
server, they can't ping me or see my web server either.
If I ever need to communicate directly with someone outside the USA,
I'll open it back up, but so far all it has done has been to
essentially eliminate my spam.
Daniel
