Jack put forth on 12/8/2010 1:30 PM:
> FYI I have done this CIDR blocking for years at the firewall level (people
> on the list harassed me about it) with minimal false positives but still
> enough to be a pain.
>
> I have lists from Turkey, Russia and other countries as well, but using the
> firewall method was rough when people didn't get a rejection so what I did
> is I converted to postfix CIDR and use fail2ban to monitor the log. If I
> bounce the same IP 4 times with CIDR block then I block it at the firewall
> level saving the potential backscatter and keeping my postfix from
> overworking. I can tell you I have blocked MILLIONS of messages regularly
> from these CIDRs and it does make a big difference in the spam level.

ipdeny.com is one of the "best kept" open secrets on the net. By that I mean not enough people know of it or use it, even when they are a good candidate for its use.

For example, just about every SOHO in the U.S. that has no foreign correspondence could block all other countries with ipdeny at the firewall or smtpd level, eliminating 95%+ of their spam load with one tool. Likewise for any other SOHO in any other country that doesn't have foreign correspondence.

It's cheap, high performance, doesn't bog servers down, no "spam folder", etc, etc. For an MX where it fits, there's no better solution IMO.

--
Stan
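
The escalation described in the quoted message (reject from a Postfix CIDR table, then firewall-block an IP once it has been bounced 4 times), as an added example that is not from either poster. The table entries, log lines and function names are constructed for illustration; in the quoted setup fail2ban does the counting and the firewall action.

```python
import ipaddress
import re
from collections import Counter

THRESHOLD = 4  # from the post: same IP bounced 4 times, then block at the firewall

# Constructed cidr: access table (documentation ranges, not a real country list).
CIDR_TABLE = """\
# pattern          action
198.51.100.0/24    REJECT Blocked by country CIDR list
203.0.113.0/24     REJECT Blocked by country CIDR list
"""

# Matches Postfix smtpd client-access rejections and captures the client IP.
REJECT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: RCPT from \S+\[([0-9a-fA-F.:]+)\]: "
    r"554 .*Client host rejected")

def load_networks(table_text):
    """Parse 'pattern action' lines, keeping only networks with a REJECT action."""
    nets = []
    for line in table_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        pattern, action = line.split(None, 1)
        if action.upper().startswith("REJECT"):
            nets.append(ipaddress.ip_network(pattern, strict=False))
    return nets

def ips_to_escalate(log_lines, nets, threshold=THRESHOLD):
    """Return IPs rejected at least `threshold` times that fall in a listed range."""
    hits = Counter()
    for line in log_lines:
        m = REJECT_RE.search(line)
        if not m:
            continue
        ip = ipaddress.ip_address(m.group(1))
        if any(ip in net for net in nets):  # ignore rejects caused by other rules
            hits[str(ip)] += 1
    return sorted(ip for ip, count in hits.items() if count >= threshold)

def _line(ip, reason="Client host rejected: Blocked by country CIDR list"):
    """Build one constructed smtpd log line for the sample below."""
    return (f"Dec  8 13:30:01 mx postfix/smtpd[2211]: NOQUEUE: reject: RCPT from "
            f"unknown[{ip}]: 554 5.7.1 <unknown[{ip}]>: {reason}; proto=ESMTP")

# Constructed log: one IP at the threshold, one below it, one outside the table.
SAMPLE_LOG = ([_line("198.51.100.7")] * 4 + [_line("203.0.113.9")] * 3
              + [_line("192.0.2.44")] * 5)
```
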