Would be interesting to see spamdyke support some kind of GeoIP database, like Maxmind GeoIP:
http://www.maxmind.com/download/geoip/database/ -Peter Sam Clippinger wrote, On 5/23/2008 1:33 PM: > These are all good ideas and each of them would be more efficient than > blocking in spamdyke. > > Everything revolves around how you determine if an IP address is > "non-US". You need a list of IPs (or ranges) from somewhere. Once you > have that list, you can block them at the router, at the server's > kernel-level firewall or in spamdyke. If you only want to block by rDNS > country code, you can just list those in spamdyke's rDNS blacklist. > > -- Sam Clippinger > > Bgs wrote: > >> Hi, >> >> You can probably tune on the settings first I think. I had an Athlon XP, >> 1.5GB, sata software raid1 server which topped at 8million spam/day. Of >> course it was very loaded but still no lost mail. With your config and >> ~1.1 million mail/day you should be ok. >> >> But to get back to your original question: There are multiple levels >> where you can do it. Deciding which to use depends on the type of >> filtering you'd like to achieve. Here are them from low to high: >> >> - Get a geoip db, get the US ranges and do a separate chain in your >> firewall and whitelist those. update it about once a week. I use this to >> block Chinese traffic on some servers. You'd just do the opposite. >> - Patch the kernel and add geoip support and drop all non-us traffic to >> your smtp port. >> - Patch the kernel and do an AS based filtering. You will still need to >> get the AS list. >> - Similar to the above iptables chain you could do a similar thing from >> tcpserver or ipvsd. >> >> >> You could also set up some IP limiter which will block much of your spam >> traffic while not blocking the non-us world in general. >> >> The ways of the Net are endless :D >> >> Regards >> Bgs >> >> >> >> Kyle Quillen wrote: >> >> >>> When you say do it on the IP level what do you mean? >>> >>> >>> Well based on my spamassassin graphs it is about 8000 messages on a ten >>> minute average. spamassassin is what is killing me. >>> >>> Thoughts? >>> >>> Thanks >>> Kyle >>> >>> >>> >>> On Fri, 2008-05-23 at 17:25 +0200, Bgs wrote: >>> >>> >>>> Hi, >>>> >>>> >>>> I think you'd better do it on IP level.... much more efficient. >>>> >>>> May I ask how big is that traffic that causes the problem? mail/day, >>>> cuncurrent connections, etc. >>>> >>>> >>>> Regards >>>> Bgs >>>> >>>> Kyle Quillen wrote: >>>> >>>> >>>>> Hello all, >>>>> >>>>> I am dealing a very high load on one of my servers and it is causing all >>>>> kinds of issues. It is a qmail toaster box with 6 gigs of ram and >>>>> quadcore 3.2 ghz processors. What I am wanting to know is there a way >>>>> that I can block all non-us ips in spamdyke? >>>>> >>>>> >>>>> >> _______________________________________________ >> spamdyke-users mailing list >> [email protected] >> http://www.spamdyke.org/mailman/listinfo/spamdyke-users >> >> > _______________________________________________ > spamdyke-users mailing list > [email protected] > http://www.spamdyke.org/mailman/listinfo/spamdyke-users > _______________________________________________ spamdyke-users mailing list [email protected] http://www.spamdyke.org/mailman/listinfo/spamdyke-users
