Trying to do anything like this with iptables is not a really good idea. I've used a huge list of IP ranges before on my firewall, only to find that to keep it simple I had to include more than I really wanted and it still took about 5 minutes to load all the rules. Since a blacklist is something that needs to be maintained you'd have to do this on a regular basis.
Gordon Charles Steinkuehler wrote:
> Michelle Konzack wrote:
> | Hello,
> |
> | I am running a 3.5 MBit SDSL from <http://www.nerim.net/> and have a
> | @home Mailserver which is currently (since 2007-12-17) hit by daily
> | several 100.000 spams (2-5 times 30-120 minutes) from over 2000
> | different IPs.
> |
> | My mailserver is rejecting this shit nearly perfect but the server
> | has a System- and CPU-load of nearly 100% which makes the IMAP server
> | unusable and since the server does automated mailprocessing (40.000
> | per day) I hit a real problem.
> |
> | Now, since most senders (over 90%) have wrong reverse DNS I would like to
> | know whether there is a possibility to block such connections on
> | the router with iptables and helpers?
>
> You probably don't want to load your router/firewall with reverse DNS
> lookups on every packet. You can configure most modern mail clients to
> reject mail from senders with invalid reverse DNS, or failing that run a
> proxy front-end that will perform these checks.
>
> I find a combination of various RBL lists and some standard non-spammer
> tweaks (i.e. drop early talkers, virus filtering, etc.) keeps the inbound
> mail load under control enough that I can run everything through the fairly
> CPU intensive spamassassin. We only get about 8-10K legit e-mails/day,
> however (many times that in spam), so YMMV.
>
> If you do have a list of IP addresses you want to blackhole, you might
> want to check out packages like fail2ban:
>
> ~ http://www.fail2ban.org/wiki/index.php/Main_Page
>
> ...this is set up to scan your logs for failed login attempts and block
> the IPs at the firewall, but the concept could easily be expanded to
> trigger on anything you'd like. There may be something already more
> specifically targeted towards e-mail, but I'm not familiar with it.
>
> --
> Charles Steinkuehler
> [EMAIL PROTECTED]
>
> -------------------------------------------------------------------------
> leaf-user mailing list: leaf-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/leaf-user
> Support Request -- http://leaf-project.org/
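The log-scan-then-block approach the quoted reply attributes to fail2ban, applied to the reverse-DNS rejects Michelle describes, as an added example that is not part of the thread or of fail2ban itself. The log lines, the `host[IP]` reject format and the 3-rejects-in-10-minutes threshold are constructed assumptions; the script only renders the iptables rules rather than loading them, so a short, reviewed ban list replaces the huge static list the first paragraph warns about.

```python
# Added example (not from the thread): fail2ban-style scan of MTA reject lines.
# Counts rejects per client IP in a sliding window and renders iptables DROP
# rules for review; log lines and the "host[IP]" format are constructed.
import re
from collections import defaultdict
from datetime import datetime, timedelta

SAMPLE_LOG = """\
2008-01-10T10:00:01 smtpd: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 450 4.7.1 Client host rejected: cannot find your reverse hostname
2008-01-10T10:00:02 smtpd: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 450 4.7.1 Client host rejected: cannot find your reverse hostname
2008-01-10T10:00:03 smtpd: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 450 4.7.1 Client host rejected: cannot find your reverse hostname
2008-01-10T10:00:04 smtpd: NOQUEUE: reject: RCPT from mail.example.net[203.0.113.9]: 554 5.7.1 Client host blocked using RBL
2008-01-10T10:30:05 smtpd: NOQUEUE: reject: RCPT from unknown[192.0.2.5]: 450 4.7.1 Client host rejected: cannot find your reverse hostname
2008-01-10T11:10:06 smtpd: NOQUEUE: reject: RCPT from unknown[192.0.2.5]: 450 4.7.1 Client host rejected: cannot find your reverse hostname
2008-01-10T11:10:07 smtpd: NOQUEUE: reject: RCPT from unknown[192.0.2.5]: 450 4.7.1 Client host rejected: cannot find your reverse hostname
"""

REJECT_RE = re.compile(r"^(?P<ts>\S+) \S+ NOQUEUE: reject: RCPT from \S+\[(?P<ip>[0-9.]+)\]")

def parse_rejects(log_text):
    # Yield (timestamp, client IP) for each reject line; non-matching lines are skipped.
    for line in log_text.splitlines():
        m = REJECT_RE.match(line)
        if m:
            yield datetime.fromisoformat(m.group("ts")), m.group("ip")

def offenders(log_text, threshold=3, window=timedelta(minutes=10)):
    # Ban an IP only if `threshold` rejects fall inside one `window` (sliding).
    hits = defaultdict(list)
    for ts, ip in parse_rejects(log_text):
        hits[ip].append(ts)
    banned = set()
    for ip, times in hits.items():
        times.sort()
        start = 0
        for end, ts in enumerate(times):
            while ts - times[start] > window:   # slide the window start forward
                start += 1
            if end - start + 1 >= threshold:
                banned.add(ip)
                break
    return sorted(banned)

def ban_rules(ips, chain="INPUT"):
    # Render (not execute) rules so they can be reviewed and expired later.
    return [f"iptables -I {chain} -s {ip} -p tcp --dport 25 -j DROP" for ip in ips]

if __name__ == "__main__":
    print("\n".join(ban_rules(offenders(SAMPLE_LOG))))
```

With the constructed log, only 198.51.100.7 crosses the threshold inside one window; 192.0.2.5 has three rejects but spread over 40 minutes, which is the case a plain per-IP count would wrongly ban.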