On 08/25/2013 08:11 PM, Niclas Arndt wrote:
> Hi,
>
> Sorry if this is slightly off-topic, but at least a bunch of experts
> are listening.
>
> I am using Spamhaus (and other methods) and over time I have amassed a
> list of IP ranges that (according to Spamhaus) shouldn't be sending
> e-mail at all. One problem is that this list tends to become quite
> long and another is that I would like to verify it so that I don't
> eventually block legitimate e-mail.
>
> On the other hand, I would like to place as little a load as possible
> on Spamhaus.
>
> Here are my questions: Is the iptables approach at all viable in the
> long run? Is there any non-commercial way to upload a text file
> containing spamming IP addresses and have it verified for correctness?

Postfix 2.8 and later offer the postscreen(8) triage service, which
deals very efficiently with large amounts of DNSBL lookups.
Run a local DNS cache on the Postfix machine and point postscreen at zen.
You'll be hitting the Spamhaus non-commercial limit long before you hit
the local cache's limits.
This automatically adds and expires DNSBL entries without any effort
from you, as a free bonus (this is the biggest problem with your
iptables approach.)
--
J.
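
An added example, not part of the original thread: a sketch of re-checking a hand-maintained blocklist against the DNSBL through the system resolver (the local cache), so that stale entries can be found before they block legitimate mail. It assumes IPv4 entries and the zone name `zen.spamhaus.org`; the function names and the sampling of ranges are assumptions made for this illustration, and the 127.255.255.x handling follows Spamhaus's published error return codes.

```python
import ipaddress
import socket
from itertools import islice

ZONE = "zen.spamhaus.org"  # "zen" from the reply above

def dnsbl_name(ip, zone=ZONE):
    """DNSBL query name for an IPv4 address: octets reversed, then the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def system_lookup(name):
    """Ask the system resolver (the local cache). [] covers NXDOMAIN, but the
    socket API cannot tell that apart from a resolver failure."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except (socket.gaierror, socket.herror):
        return []

def classify(answers):
    """Turn the A records of one DNSBL answer into a verdict."""
    if not answers:
        return "not-listed"
    if any(a.startswith("127.255.255.") for a in answers):
        return "error"       # Spamhaus error reply (refused/over-limit), not a listing
    if all(a.startswith("127.0.0.") for a in answers):
        return "listed"
    return "unexpected"      # e.g. a resolver that rewrites NXDOMAIN

def recheck(entries, lookup=system_lookup, sample=4):
    """Verdict per blocklist entry; ranges are sampled to keep the query count low."""
    report = {}
    for entry in entries:
        net = ipaddress.ip_network(entry, strict=False)
        hosts = [net.network_address] if net.prefixlen == 32 else islice(net.hosts(), sample)
        verdicts = {classify(lookup(dnsbl_name(h))) for h in hosts}
        report[entry] = verdicts.pop() if len(verdicts) == 1 else "mixed"
    return report

if __name__ == "__main__":
    # Constructed sample: documentation addresses and canned answers, no DNS traffic.
    canned = {dnsbl_name("198.51.100.7"): ["127.0.0.4"],
              dnsbl_name("192.0.2.77"): ["127.255.255.254"]}
    for entry, verdict in recheck(["198.51.100.7", "203.0.113.9", "192.0.2.77"],
                                  lookup=lambda n: canned.get(n, [])).items():
        print(entry, verdict)
```

An "error" or "unexpected" verdict says nothing about the address itself, so such entries should be left as they are and re-checked later rather than removed from or added to the blocklist.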