Glenn English <[email protected]> wrote: > What Sven suggested is pretty good. But I'd do all the local checks > first, then hit the RBLs on the 'Net -- it reduces the load on the > RBLs and on the local 'Net, and a CPU is faster than a 'Net connection > (I'm on a T1, so I'm very aware of bandwidth usage and speed).
In the early days of our setup we where in the opposite situation: Network bandwidth was not a problem but local compute resources (for Spamassassin and the Virus scanners) where. This is why we put all the CPU-inexpensive networking checks up at the front so that many spam mails don't get as far as hitting the CPU-intensive stuff. (Having a local caching only resolver for the MXes to use exclusively is also helpful.) > Iptables is also useful. You can block entire IP blocks for MailChimp and > the like. And entire countries, like China (many address blocks, though), > etc. Using the geoip match from xtables is helpful here. Using the information from the public Maxmind databases you can quite easily block whole countries without needing to hunt for the IP blocks manually. But of course this is the big nuke and should be use with care and deliberation. Grüße, Sven. -- Sigmentation fault. Core dumped.
