On 22.03.2012 09:43, xTrade Assessory wrote:
> Robert Schetterer wrote:
>> spam often is very recipient related
>> i.e. my beloved spambot army relocated from china/us now to india/brasil
>> during last year, looks like that's trendy
>
> regarding BR
>
> we get most from afrinic 41.0 and pakistan 182.177, and of course our
> own adsl blocks
>
> if you like to prevent brazil origin you could block any adsl source
> since these addresses are not supposed to run a valid MTA
>
> if you're interested you could block connection from all rDNS IPs faking
> to be an MTA and resolving to domain names which follow, each at least
> several /16 if not /8 blocks
>
> .virtua.com.br
> .dsl.telesp.net.br
> .gvt.net.br
> .vivotorpedo.com.br
> .user.veloxzone.com.br
> .speedy.com.ar
> .fibertel.com.ar
> .adsl.terra.cl
> .prima.com.ar
>
> some small sub blocks may have been relocated to other services and are
> still not updated because of sloppy maintenance of the telco personnel
> but this problem is probably not relevant for europe
>
> Hans

I've done such for years, but I now have better mechs implemented before,
i.e. postscreen (I don't like global rejects very much, i.e. banning geo ip
blocks and/or domains; after all, sometimes they are needed).

my new implemented mech can't be used on every system; it's something equal
to what fail2ban does (banning with firewall rules for some time), but
fail2ban wasn't quick enough for my bot bombards and I was tired of tons of
logging, so I switched to something direct syslog related in combi with
fail2ban and postscreen

so now the over years staying bot problem went nearly null

I will have some blog of this, near future, stay tuned

-- 
Best Regards
Kind regards, Robert Schetterer

Germany/Munich/Bavaria
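
An added example, not code from either poster: a Python tally of how many Postfix smtpd connections in a log fall under the rDNS suffixes quoted above, so the effect of a suffix-based block can be measured before anything is rejected. The log lines, host names and IP addresses are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Suffixes quoted in the thread (leading dot = subdomains only).
DYNAMIC_SUFFIXES = (
    ".virtua.com.br", ".dsl.telesp.net.br", ".gvt.net.br",
    ".vivotorpedo.com.br", ".user.veloxzone.com.br", ".speedy.com.ar",
    ".fibertel.com.ar", ".adsl.terra.cl", ".prima.com.ar",
)

# Postfix smtpd logs "connect from <verified rDNS name or 'unknown'>[<ip>]".
CONNECT_RE = re.compile(r"postfix/smtpd\[\d+\]: connect from (\S+)\[([^\]]+)\]")

def matching_suffix(hostname):
    """Return the listed suffix that hostname falls under, or None."""
    name = hostname.lower().rstrip(".")
    for suffix in DYNAMIC_SUFFIXES:
        # The leading dot forces a label boundary: "evilgvt.net.br" must not match.
        if name.endswith(suffix):
            return suffix
    return None

def tally(log_lines):
    """Count connections per matched suffix and collect the distinct client IPs."""
    hits, clients = Counter(), set()
    for line in log_lines:
        m = CONNECT_RE.search(line)
        if not m:
            continue  # disconnect lines, other daemons, etc.
        host, ip = m.groups()
        suffix = matching_suffix(host)  # "unknown" never matches a suffix
        if suffix:
            hits[suffix] += 1
            clients.add(ip)
    return hits, clients

# Constructed sample lines (documentation IP ranges, invented host names).
SAMPLE_LOG = [
    "Mar 22 09:40:01 mx postfix/smtpd[1201]: connect from c9a1.virtua.com.br[192.0.2.10]",
    "Mar 22 09:40:02 mx postfix/smtpd[1202]: connect from 200-1-2-3.user.veloxzone.com.br[192.0.2.77]",
    "Mar 22 09:40:03 mx postfix/smtpd[1203]: connect from mail.example.org[198.51.100.5]",
    "Mar 22 09:40:04 mx postfix/smtpd[1204]: connect from unknown[203.0.113.9]",
    "Mar 22 09:40:05 mx postfix/smtpd[1205]: connect from evilgvt.net.br[198.51.100.8]",
    "Mar 22 09:40:06 mx postfix/smtpd[1201]: connect from c9a1.virtua.com.br[192.0.2.10]",
    "Mar 22 09:40:07 mx postfix/smtpd[1203]: disconnect from mail.example.org[198.51.100.5]",
]

if __name__ == "__main__":
    hits, clients = tally(SAMPLE_LOG)
    for suffix, count in hits.most_common():
        print(f"{count:4d}  {suffix}")
    print(f"{len(clients)} distinct client IPs matched")
```

Clients that Postfix logs as `unknown` have no verified reverse name and are never counted here, so a suffix list only covers hosts whose rDNS resolves consistently.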