On Fri, 13 Dec 2002, Neil Williams wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> What do people think about implementing this in a firewall?
> http://www.spews.org/packetreject.html
A firewall where in particular? If you have your own mailserver on the 'net, it's an option. If you're behind an ISP (typical home or small biz), your email will be coming from your ISP's server, and it would be for them rather than you to do this.
> The Anonymous Engineer Presents: Spews, Bourne in 3
>
> for IP in `lynx -dump -width=1000 http://www.spews.org/spews_list_level1.txt | \
>   grep -v "#" | sed 's/ .*$//gi'`; do
>   /sbin/ipchains -A input -p all -s $IP -d 0/0 -b -j REJECT; done
That takes a _long_ time to run (all those ipchains commands - unless they're a great deal faster than iptables). Do nice it! Also I prefer to split the download from running the rules:

    # fetch the list and keep only the address field of each entry
    lynx -dump -source http://www.spews.org/spews_list_level1.txt \
      | awk '{print $1}' | egrep '^[0-9][0-9]' \
      > spammers-list &&
    # drop new SMTP connections from each listed netblock
    while read SPAMMER ; do
      /usr/local/sbin/iptables -t filter -I INPUT -p tcp --dport smtp \
        -j DROP -s "$SPAMMER" --syn
    done < spammers-list

Having said that, I haven't used it for some time. I do firewall off SMTP from netblocks owned by particularly troublesome spammers, but do so manually these days.
> From the FAQ:
>
> Why does SPEWS have two levels of listings? What is Level 1?
>
> A21: SPEWS publishes two lists. The majority of the Level 1 list is made up of netblocks owned by the spammers or spam support operations themselves, with few or no other legitimate customers detected. We don't even try and educate these types as any past attempts at education have failed.
It has been known for SPEWS to screw up: on at least one occasion a typo in their level 1 list inadvertently blocked about 25% of all IP addresses! That was quickly fixed, but could have serious effects if you use it without following news on the subject (eg by reading news.admin.net-abuse.email - which is in itself an ordeal). IMO only worth it if you're running quite a big operation.
> The DNS lookup filtering looks far more awkward to set up.
> http://www.spews.org/filter.html
If your MTA supports RBL, then it's easy. Oh, and btw, all the MTAs either support RBL or have standard patches to support it.

--
Nick Kew

--
The Mailing List for the Devon & Cornwall LUG
Mail majordomo@xxxxxxxxxxxx with "unsubscribe list" in the message body to unsubscribe.
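
An added example, not part of the original message or of SPEWS: a pre-load sanity check for the downloaded list, aimed at the failure described above where one typo blocked about 25% of all IP addresses. The function name `vet_blocklist`, the thresholds and the sample data are assumptions; the input format (first field is an address or netblock, `#` starts a comment) is inferred from the pipelines in the thread.

```python
import ipaddress
import sys

IPV4_SPACE = 2 ** 32

# Constructed sample input (documentation address ranges), not real SPEWS data.
SAMPLE = """\
# comment line
192.0.2.0/24 # trailing comment
198.51.100.7
203.0.113.0/25
203.0.113.128/25
192.0.0.0/2
198.51.100.300/24
"""

def vet_blocklist(text, min_prefix=8, max_fraction=0.01):
    """Return (netblocks, rejected); raise ValueError if coverage is implausible."""
    nets, rejected = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()
        if not fields:
            continue  # blank or comment-only line
        entry = fields[0]
        try:
            # strict=True also rejects entries with host bits set, e.g. 10.1.2.3/8
            net = ipaddress.IPv4Network(entry, strict=True)
        except ValueError:
            rejected.append((lineno, entry, "not a valid IPv4 netblock"))
            continue
        if net.prefixlen < min_prefix:
            rejected.append((lineno, entry, "wider than /%d" % min_prefix))
            continue
        nets.append(net)
    # Merge adjacent and overlapping blocks so nothing is counted twice.
    merged = list(ipaddress.collapse_addresses(nets))
    covered = sum(n.num_addresses for n in merged)
    if covered > max_fraction * IPV4_SPACE:
        raise ValueError("list covers %.2f%% of IPv4, refusing to load it"
                         % (100.0 * covered / IPV4_SPACE))
    return merged, rejected

if __name__ == "__main__":
    # Read the downloaded list from a file argument, else use the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    good, bad = vet_blocklist(text)
    for lineno, entry, why in bad:
        print("line %d: %s: %s" % (lineno, entry, why), file=sys.stderr)
    for net in good:
        print(net)  # one netblock per line, usable as the spammers-list file
```

Run between the download and the rule-loading loop, it leaves the existing rules untouched when the list fails the check.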