On Aug 25, 2013, at 12:11 PM, Niclas Arndt wrote:

> I am using Spamhaus (and other methods) and over time I have amassed a list
> of IP ranges that (according to Spamhaus) shouldn't be sending e-mail at all.
> One problem is that this list tends to become quite long and another is that
> I would like to verify it so that I don't eventually block legitimate e-mail.
>
> On the other hand, I would like to place as little a load as possible on
> Spamhaus.
>
> Here are my questions: Is the iptables approach at all viable in the long run?

It seems to work well for me. I have a small number of users, though, so I can pretty safely block things without losing stuff.

My mail server's iptables INPUT chain jumps to an "SMTP_BLK" chain when the destination is an SMTP port (actually, it splits on TCP/UDP first, but it eventually ends up in a chain for only SMTP hits). It runs through a little whitelisting, then comes to a long list of IPs that are DROPped. Those never get to Postfix or Spamhaus, so they don't load anything significantly.

The downside is that I have to manually enter the IPs and remove them after a while (I have a shell script to help with this, but it's still a PITA daily duty).

Fail2ban helps too, but it blocks IPs completely instead of just SMTP hits. And it blocks after a number of hits. Manually is more accurate...

> Is there any non-commercial way to upload a text file containing spamming IP
> addresses and have it verified for correctness?

I'm not sure what you mean here. Iptables won't enter an invalid IP. But if you're asking for something that checks whether the IP is active, the only way I know of to do this would involve a lot of parsing whois answers. And that'd be pretty tough.

If you're asking about something to verify that an IP is indeed a spammer, that's called Spamhaus...

As for just loading a list of IPs, that's easy. If your iptables packet filter is split into chains, like mine is, a simple shell script does the job -- that's one of the reasons I made my PF so complex.

-- 
Glenn English
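
An added example, not part of the original thread and not the poster's script: a POSIX shell sketch that syntax-checks a blocklist file and turns the valid entries into `iptables-restore` input for the SMTP_BLK chain named above. The function names, the `MIN_PREFIX` floor and the sample entries are assumptions made for illustration.

```shell
# Added example. SMTP_BLK is the chain name from the post; MIN_PREFIX is an
# assumed safety floor so that a typo cannot block an overly broad range.
CHAIN="SMTP_BLK"
MIN_PREFIX=8

# Succeeds only for a well-formed IPv4 address or CIDR range.
valid_cidr() {
    entry=$1
    case $entry in
        */*) addr=${entry%%/*}; prefix=${entry#*/} ;;
        *)   addr=$entry; prefix=32 ;;
    esac
    # Prefix: one or two digits, no leading zero, within MIN_PREFIX..32.
    case $prefix in ''|*[!0-9]*|???*|0?*) return 1 ;; esac
    [ "$prefix" -ge "$MIN_PREFIX" ] && [ "$prefix" -le 32 ] || return 1
    case $addr in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        # Leading zeros are rejected: some parsers read them as octal.
        case $octet in ''|????*|0?*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# stdin: one entry per line, '#' comments allowed.
# stdout: iptables-restore input; stderr: rejected entries.
build_rules() {
    echo "*filter"
    sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^$/d' | sort -u |
    while IFS= read -r line; do
        if valid_cidr "$line"; then
            echo "-A $CHAIN -s $line -j DROP"
        else
            echo "rejected: $line" >&2
        fi
    done
    echo "COMMIT"
}

# Constructed sample list (documentation address ranges plus bad entries).
sample_list() {
    printf '%s\n' '192.0.2.0/24' '198.51.100.7   # single host' \
        '192.0.2.0/24' '203.0.113.300' '198.51.100.0/33' '0.0.0.0/0' '192.0.2.010'
}

sample_list | build_rules
```

The output is meant to be piped to `iptables-restore --noflush` so the existing rules are kept; it assumes the chain already exists. Loading the same list twice appends duplicate rules.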