Thank you for the thought-provoking response. My goal with iptables
filtering was to either block, or forward to a tarpit, a list of
troublesome IP ranges. If any ranges were to be added to this list, it
would be manually by myself, so stuff like UO, etc. would never get
blocked whereas perhaps Joe Spammer using a hapless fellow's computer
in China would.

Specifically, I have several UUnet-owned IP ranges which are spamming
us. UUnet doesn't like to respond to abuse messages apparently.
Comcast is also a very, very troublesome source. Although as you've
implied below, blocking Comcast isn't feasible. Luckily, it's fairly
easy for me to whitelist the handful of people we get perhaps 80% of
our traffic from.

My goal is not to block every little spammer, but to block/tarpit the
most serious offenders.

Thanks again,
per


On Thu, 03 Jun 2004 08:59:02 -0700, John Sechrest <[EMAIL PROTECTED]> wrote:
> 
> 
> 
> perdurabo <[EMAIL PROTECTED]> writes:
> 
>  % My question, NO, questions are:
> 
>  % 1.) Will having large IPTables rulesets cause a significant
>  % performance hit? I have plenty of resources to spare as all the crap I
>  % have running on it now aren't taxing it much. Facts and educated
>  % opinion appreciated.
> 
>  Yes, a large or complex rule set will give you a performance hit.
>  But not worse than you get with Spam Assassin.
> 
>  But, I am not clear on why you want to do this.
> 
>  If you are rejecting things on the RBL in sendmail, what
>  are you gaining by having yet another list to manage?
> 
>  We process over 300,000 spam messages a day at our
>  company. (http://www.ao.com)
>  There are LOTS of lists where people are having typing
>  problems and say ao.com instead of aol.com
> 
>  Between 550 rejection in sendmail and SpamAssassin,
>  we drop lots of the messages.
> 
>  This is so effective, that I am not clear on the iptables win.
> 
>  In fact, I fully expect that your iptables solution will
>  come back to bite you, when you block someone who you needed
>  not to block, and you have to debug why it is not working.
> 
>  % 2.) Is there a port of OpenBSD's spamd available for Linux? I've
>  % searched on Google with no luck. Are there any other slick tarpitting
>  % solutions for Linux? If I could find something, I'd probably do this
>  % in lieu of the iptables route, just to screw with the spammers and
>  % help other folks on the net.
> 
>  Most of the "spammers" out there are actually home machines,
>  small business machines, or university machines that have been
>  coopted into sending or resending spam.
> 
>  When you have a U of O host that gets compromised and you
>  block U of O because of it, you might be surprised at how
>  fast your network shrinks.
> 
>  "Messing with spammers" probably translates to you giving
>  your neighbors trouble, and breaking things for unsuspecting
>  innocents.
> 
>  Will you be blocking all of comcast too?
> 
>  In general, it does not seem like a path that leads to a happier
>  healthier network.
> 
> -----
> John Sechrest          .         Helping people use
>                         .           computers and the Internet
>                           .            more effectively
>                              .
>                                  .       Internet: [EMAIL PROTECTED]
>                                       .
>                                               . http://www.peak.org/~sechrest
> _______________________________________________
> EUGLUG mailing list
> [EMAIL PROTECTED]
> http://www.euglug.org/mailman/listinfo/euglug
>
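An added example, not code from either poster, of the arrangement the reply above describes: a short whitelist checked before a list of blocked ranges on the SMTP port, with ipset holding the ranges so the iptables rule count stays constant however long the list grows (the performance point raised in the quoted reply). The ranges are constructed documentation prefixes, and the commands are printed rather than applied unless IPT and IPS are overridden with the real binaries.

```shell
#!/bin/sh
# Added example (not from the thread): iptables ruleset that consults a
# whitelist before a block list, using ipset so the rule count does not
# grow with the number of ranges.
# IPT and IPS default to "echo ..." so the script only prints the
# commands (dry run); run as root with IPT=iptables IPS=ipset to apply.
IPT="${IPT:-echo iptables}"
IPS="${IPS:-echo ipset}"

# Constructed sample ranges (RFC 5737 documentation prefixes), standing
# in for the poster's trusted senders and troublesome ranges.
WHITELIST="192.0.2.0/24 198.51.100.7"
BLOCKLIST="203.0.113.0/24 198.51.100.128/25"

# Emit the commands that build both sets and the port-25 filter chain.
gen_rules() {
    $IPS create smtp_allow hash:net -exist
    $IPS create smtp_block hash:net -exist
    for n in $WHITELIST; do $IPS add smtp_allow "$n" -exist; done
    for n in $BLOCKLIST;  do $IPS add smtp_block "$n" -exist; done
    # Dedicated chain: INPUT keeps a single jump rule for port 25.
    $IPT -N SMTP_FILTER
    # Whitelist first, so a trusted sender that happens to sit inside a
    # blocked range is never dropped (the "block someone you needed"
    # failure described in the quoted reply).
    $IPT -A SMTP_FILTER -m set --match-set smtp_allow src -j RETURN
    # Swap DROP for "-j TARPIT" if the xtables-addons TARPIT target
    # is installed and a tarpit is preferred over a silent drop.
    $IPT -A SMTP_FILTER -m set --match-set smtp_block src -j DROP
    $IPT -A INPUT -p tcp --dport 25 -j SMTP_FILTER
}

# Number of iptables rules the generated ruleset adds (stays at 3 no
# matter how many ranges the two lists contain).
rule_count() { gen_rules | grep -c '^iptables -A'; }
```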