Sorry, I meant it slowed the SPAM. The 2.6 GHz Xeon and 4 gigs ram is doing just fine.
Derrick Conner DR IT(tm) Microsoft Certified Partner CIO/Senior Systems Engineer EE, MCSE+I, CNE, Office: 210-824-5166 x30 Cell: 210-213-1616 [EMAIL PROTECTED] http://www.dr-it.com For a more immediate response, please send all help requests to [EMAIL PROTECTED] or call our Hotline at 210-807-3554. CONFIDENTIALITY NOTICE: This communication and all attachments are intended only for the use of the individual(s) or entity to which it is addressed and may contain information that is privileged, confidential, and exempt from disclosure under applicable law. All contents are the copyright property of the sender. If you are not the intended recipient, you are bound to respect the sender's worldwide legal rights, furthermore you are notified that any use, dissemination, forwarding, distribution, or copying of the communication is strictly prohibited. Unintended recipients must delete the e-mail and destroy all electronic copies in all systems, retaining no copies in any media. Please notify the sender immediately by e-mail if you have received this by mistake and delete this e-mail from your system. Thank you for your cooperation. -----Original Message----- From: Glenn Kelley [mailto:[EMAIL PROTECTED] Sent: Sunday, October 05, 2008 1:27 AM To: support@pfsense.com Subject: Re: [pfSense Support] blocking spammers xml its a ton of ips might be good using a speedy box with lots of ram Quad Core Xeon here - with 4gb ram helped a ton On Oct 5, 2008, at 2:16 AM, Derrick Conner wrote: > I imported a spamhaus blacklist into my Alias and it's really slowed > things down. > > Derrick Conner > > > -----Original Message----- > From: Glenn Kelley [mailto:[EMAIL PROTECTED] > Sent: Monday, September 29, 2008 2:40 AM > To: support@pfsense.com > Subject: Re: [pfSense Support] blocking spammers xml > > to bring up an old conversation... > > We literally have seen a drop in spam across the network of about 93% > > I have redirected the mail coming from those ip ranges to a different > server - and pretty much 99% (all but just a few emails_) were > actually junk mail. > > Great stuff. > > :-) > > > On Sep 23, 2008, at 12:20 AM, Glenn Kelley wrote: > >> I did these a little different... >> in XML I added >> >> in filters section >> <filters> >> >> >> <rule> >> <type>block</type> >> <interface>wan</interface> >> <max-src-nodes/> >> <max-src-states/> >> <statetimeout/> >> <statetype>keep state</statetype> >> <os></os> >> <protocol>tcp/udp</protocol> >> <source> >> <address>spammers</address> >> </source> >> <destination> >> <any/> >> <port>25</port> >> </destination> >> <descr>spammers</descr> >> </rule> >> >> >> </filters> >> >> then below the rules / filters section >> >> >> >> <aliases> >> <alias> >> <name>spammers</name> >> <address>66.0.0.0/8 66.0.0.0/8 78.0.0.0/8 > 79.0.0.0/8 80.0.0.0/8 >> 81.0.0.0/8 82.0.0.0/8 83.0.0.0/8 84.0.0.0/8 85.0.0.0/8 86.0.0.0/8 >> 87.0.0.0/8 88.0.0.0/8 89.0.0.0/8 90.0.0.0/8 91.0.0.0/8 92.0.0.0/8 >> 93.0.0.0/8 94.0.0.0/8 95.0.0.0/8 116.0.0.0/8 121.0.0.0/8 122.0.0.0/8 >> 123.0.0.0/8 124.0.0.0/8 125.0.0.0/8 194.0.0.0/8 195.0.0.0/8 >> 200.0.0.0/8 201.0.0.0/8 202.0.0.0/8 203.0.0.0/8 210.0.0.0/8 >> 190.0.0.0/8</address> >> <descr>SMTP Block Known Spam Networks</descr> >> <type>network</type> >> <detail>smtp block spam Canada||smtp block Spam > Canada||smtp >> block Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam >> Amsterdam||smtp block Spam Amsterdam||smtp block Spam Amsterdam|| >> smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp block >> Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam >> Amsterdam||smtp block Spam Amsterdam||smtp block Spam Amsterdam|| >> smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp block >> Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam >> Amsterdam||smtp block Spam Amsterdam||smtp block Spam Asia||smtp >> block Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam >> Amsterdam||smtp block Spam Amsterdam||smtp block Spam Amsterdam|| >> smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp block >> Spam Mexico||smtp block Spam Mexico||smtp block Spam Mexico||smtp >> block Spam Mexico||smtp block Spam Mexico||smtp block Spam Mexico||</ >> detail> >> </alias> >> </aliases> >> >> >> Seems to work well. >> >> On Sep 22, 2008, at 9:25 PM, Derrick Conner wrote: >> >>> I've attached my cleaned up XML of all the subnets I block. Feel >>> free to post it, or whatever you want to do with it. I would have >>> sent >>> it to Joe Laffey, but I think my spam filter got him. >>> >>> >>> Derrick >>> >>> -----Original Message----- >>> From: Glenn Kelley [mailto:[EMAIL PROTECTED] >>> Sent: Monday, September 22, 2008 10:43 AM >>> To: support@pfsense.com >>> Subject: Re: [pfSense Support] blockign china >>> >>> I would need to know perl . >>> >>> I have given my wife a few of those in the past.... >>> hmmm >>> >>> going to her jewlery box >>> >>> all kidding aside - i think your right. >>> >>> I will see what I can come up w/ - i think this might help the >>> pfsense >>> community @ large. >>> In fact - it seems simple enough - it might make a very simple pkg >>> >>> just a thought - >>> >>> I think if it were a pkg - it could then parse those lists every >>> month >>> or so - cron job 1 time per month >>> and then reinject the changes >>> >>> This way it stays up to date... >>> >>> I would say 95% of the hacking attempts we are seeing in our >>> datacenter are all out of China and Korea - >>> the last 5 % would be say 4% from Russia and 1% from script kiddies >>> in >>> the US >>> >>> Then again 99.256% of all statistics are made up 98.721% of the time >>> >>> I know my #'s are close however >>> >>> Glenn >>> >>> >>> On Sep 22, 2008, at 10:08 AM, Joe Laffey wrote: >>> >>>> On Mon, 22 Sep 2008, Glenn Kelley wrote: >>>> >>>>> Thanks Joe - >>>>> >>>>> I saw that... >>>>> >>>>> My concern was typing all of those into the system one by one by >>>>> one... >>>>> >>>>> Its okay if I gotta do it :-) >>>>> My hope was that someone already has - and that they could put out >>>>> that part of their xml file - so the community could all benefit. >>>> >>>> >>>> I would think you could write a perl script to convert those into a >>>> segment of XML that you could then paste into a saved config. Then >>>> reload that config. >>>> >>>> >>>> >>>> -- >>>> Joe Laffey | Visual Effects for Film and Video >>>> LAFFEY Computer Imaging | >>>> ------------------------------------- >>>> St. Louis, MO | Show Reel http://LAFFEY.tv/? >>>> e11861 >>>> USA | >>>> ------------------------------------- >>>> . | -*- Digital Fusion Plugins -*- >>>> >>> > ------------------------------------------------------------------------ >>> -- >>>> >>>> > --------------------------------------------------------------------- >>>> To unsubscribe, e-mail: [EMAIL PROTECTED] >>>> For additional commands, e-mail: [EMAIL PROTECTED] >>>> >>> >>> >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: [EMAIL PROTECTED] >>> For additional commands, e-mail: [EMAIL PROTECTED] >>> >>> <Big >>> Spammers >>> .zip >>>> >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: [EMAIL PROTECTED] >>> For additional commands, e-mail: [EMAIL PROTECTED] >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [EMAIL PROTECTED] >> For additional commands, e-mail: [EMAIL PROTECTED] >> > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
