Re: Blocking mail from a list of IP Addresses

From: /dev/rob0 (rob0@gmx.co.uk)
Date: Fri Nov 18 2005 - 20:27:30 CST


On Friday 2005-November-18 18:31, Ron Wheeler wrote:
> I do not want to do rbl lookups since spamassassin is doing a good
> job of identifying spam without it and I am not sure if I have the
> resources on the mail server to do this.

Then you misunderstand. SA is far more resource intensive. You are
accepting the entire content of these spams and running SA against
that. A reject_rbl_client restriction is only one small DNS query,
requiring little in CPU and bandwidth. With a caching nameserver
running on the mail server, you spend a little more memory and get
significant savings on bandwidth.

A "reject_rbl_client sbl-xbl.spamhaus.org" might cut your CPU and
bandwidth usage for spam by 70%. Judicious choices of other RBLs can
easily eliminate 90% of the spam before the SMTP DATA command. I use
several with minimal risk of false positives, and those themselves are
less of a problem than if SA misidentified ham as spam, because my
sender gets a rejection notice right away.

> My firewall is much more powerful (4x) than the mail server (accident
> of timing - new firewall, older server) and does not have too much
> else to do (DNS and proxying web and socks for 10-15 people.) The
> mail server is busy running spamassassin against the 16,000 e-mails
> that are addressed to real addresses.

I would consider swapping the two machines.

> "tarpitting spammers" is perhaps more of a psychic benefit for me.

If you want "feel good" benefits (misuse of the word, "psychic", isn't
it? :) ) try RBL lookups. Many spammers-for-hire, IIUC, bill customers
based on successful deliveries. Delivering their spam to your SA counts
as a successful delivery. You're helping their bottom line.

Reject, reject, reject! Run pflogsumm and feel good. Check top(1) or
w(1) on the mail server and enjoy seeing the lower load averages. You
will also see a significant reduction in bandwidth used.

> Will SMTP (Postfix) for example, initiate another transaction
> while a connect is pending?

That would not make sense. It could result in multiple deliveries.

> If we all did this, we could pretty quickly shutdown the
> mass mailers.

No, I think SBL-XBL has more impact, and it's not doing it. If everyone
used it, maybe. Spammers definitely hate Spamhaus.

Thanks to Noel for confirming my opinion about the firewall. As always
he had a lot of good advice, too.
--
    mail to this address is discarded unless "/dev/rob0"
    or "not-spam" is in Subject: header