Using qpsmtpd I'm seeing that a fair amount of my incoming spam is being correctly identified via the use of the dnsbl plugin.

To avoid the case of a blacklisted source IP address attempting more than a couple of messages I'm now adding firewall rules by parsing the output of the DNSBL log entries:

    iptables -A INPUT -p tcp --dport 25 --source $foo -j DROP

It seems inefficient to have 15,000+ iptables rules though; so I've hacked a plugin which is similar to check_badmailfrom, but which works on the IP address of the sender - just grepping a static text file of denied IPs.

Would there be any interest in such a plugin being added to the core distribution? (I could rework it to use dbm, or similar to speed up lookups rather than invoking grep on each connection, etc.)

Steve
--
Debian GNU/Linux System Administration
http://www.debian-administration.org/
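
The dbm variant mentioned above could look like the following qpsmtpd plugin file. This is an added example, not the poster's plugin or code from the qpsmtpd distribution; the plugin name check_badip, the check_ip method, the default path /var/qpsmtpd/badip and the choice of SDBM_File are assumptions.

```perl
# Hypothetical qpsmtpd plugin "check_badip" (added example, not the poster's code).
# Assumes an SDBM database whose keys are denied IP addresses, rebuilt offline
# from the static text file of denied IPs (one address per line).
use strict;
use warnings;
use Fcntl;
use SDBM_File;

sub register {
    my ($self, $qp, @args) = @_;

    # First plugin argument: database path without the .dir/.pag suffix
    # (assumed default location).
    $self->{_badip_db} = $args[0] || '/var/qpsmtpd/badip';

    # Run the check as soon as the client connects, before any SMTP dialogue.
    $self->register_hook('connect', 'check_ip');
}

sub check_ip {
    my ($self, $transaction) = @_;

    my $ip = $self->qp->connection->remote_ip;
    return (DECLINED) unless defined $ip;

    # Tie read-only on every connection so a rebuilt list is picked up
    # without restarting qpsmtpd. A keyed lookup replaces the per-connection
    # grep over the whole text file.
    my %denied;
    unless (tie %denied, 'SDBM_File', $self->{_badip_db}, O_RDONLY, 0) {
        # Fail open: a missing or unreadable list must not block all mail.
        $self->log(LOGWARN, "check_badip: cannot open $self->{_badip_db}: $!");
        return (DECLINED);
    }
    my $listed = exists $denied{$ip};
    untie %denied;

    if ($listed) {
        $self->log(LOGINFO, "check_badip: rejecting listed address $ip");
        return (DENY, "Connections from $ip are not accepted here");
    }

    # Not listed: let the remaining plugins (dnsbl etc.) decide.
    return (DECLINED);
}
```

The lookup is an exact string match on the address, so entries must be written in the same form qpsmtpd reports for remote_ip; CIDR ranges would need a different data structure.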