Yea, I don't think blocking ranges as large as /14, /8 and so on is the answer here.. Imagine how many legitimate mailservers you're blocking in that IP range, and for what reason? Just because 1 machine, on 1 IP address.. was spamming you.. Isn't it a lot easier to just go.. Ahh shit, spam.. Delete that..

-----Original Message-----
From: Mark Foster [mailto:blakjak(a)blakjak.net]
Sent: Friday, September 26, 2003 10:58 AM
To: Steve Withers
Cc: NZ NOG
Subject: Re: [nznog] IP / domain blocking for SPAM prevention

I have privately implemented exactly what you're suggesting on my personal MTA. My rejection is actioned via an iptables script, and when I receive spam I tend to block at the /24 level at the minimum - manually now, unfortunately, with the demise of most of the RBLs....

It's all context driven, though.. Spam from Asian networks often winds up being blocked at the network level - eg whatever I can pull from whois, I block. (/14 or bigger in some cases). I haven't blocked anything at the /8 except for 200.* which finally frustrated the hell out of me one day...

The catch is that I have other people who use my mail server, so I've got to make sure I keep them in mind when I put blocks in place. The system I use is very rough but when people agree to use my MTA they're made aware that the call in the end will be mine. In one case they've provisioned a secondary MX which doesn't have the restrictions, and is not restricted by me..

The idea has merit - I recommend that people who can admin their own mail services do so - but unfortunately it's not something that I would personally ever recommend to those people who are not clueful enough to manage it. That should then become the ISP's responsibility but it's always the difference between 'trying too hard' and 'not trying hard enough'. How much is too much? Does the admin of said machine have to then manually block networks?

I'd rather see the networks in question blocked at ISP border routers personally but I guess that won't happen in the short term. (This is a WAN, not a LAN.. sigh)

Mark.

On Fri, 26 Sep 2003, Steve Withers wrote:
Further comments on IP and domain blocking for *personal* mail servers: Just checked my maillog from yesterday.
70% of rejected mail connects came from hotmail, yahoo, earthlink and aol.
30% came from the 61.* and 218.* Korean IP spaces
10% was rejected by ordb / relay denied / other blocked domains
I have wondered if ISPs want to encourage customers to set up individually customisable mailservers on broadband connections - some sort of appliance - that acts as their mail server.
Let the business and competent private users decide what they will and won't receive....with benefits to the ISP in terms of reduced bandwidth consumed as spam isn't deliverable to these people. Just lots of rejected connect attempts. This may even be a managed service an ISP could offer a customer / business. If payment is on data-volume, this could help reduce such charges - offsetting any service fee to some extent.
Am I right in thinking Mailmarshall still allows the spam to be delivered? It just filters it.
The method above prevents delivery.
It would be impossible to do this at ISP level....but it may be a service line an ISP might like to offer a client who wants to define what they do and do not receive.
-- Steve Withers
_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog
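The /24-and-larger blocking discussed in the thread, as an added example that is not from any of the posters: a small Python script that widens a spamming host's address to a chosen prefix length, counts how much address space a block list covers, and runs a constructed sample of inbound SMTP connection sources through it, so the collateral cost of each block can be weighed against the hosts that actually spammed. All prefixes and addresses below are constructed placeholders, not real block lists.

```python
import ipaddress
from collections import Counter

# Constructed block list: one host's /24, a whois-derived /16, and a /14.
BLOCKS = [
    ipaddress.ip_network("203.0.113.0/24"),
    ipaddress.ip_network("198.51.0.0/16"),
    ipaddress.ip_network("10.0.0.0/14"),
]

# Constructed sample of inbound connection source addresses from a maillog.
CONNECTS = ["203.0.113.57", "203.0.113.200", "198.51.100.9", "10.2.33.4",
            "10.9.1.1", "192.0.2.10", "198.51.7.7"]

# Constructed: the hosts that were actually observed sending spam.
OFFENDERS = ["203.0.113.57", "198.51.100.9", "10.2.33.4"]


def supernet_of(ip, prefixlen):
    """Widen a single offending address to the prefix an admin would block."""
    return ipaddress.ip_network(f"{ip}/{prefixlen}", strict=False)


def blocked_addresses(blocks):
    """Distinct addresses covered by the whole list (overlaps merged)."""
    return sum(n.num_addresses for n in ipaddress.collapse_addresses(blocks))


def match_block(ip, blocks):
    """Most specific block containing ip, or None if it would be accepted."""
    addr = ipaddress.ip_address(ip)
    hits = [n for n in blocks if addr in n]
    return max(hits, key=lambda n: n.prefixlen) if hits else None


def reject_report(connects, blocks):
    """Rejected connects per block, plus the count that would be accepted."""
    rejected, accepted = Counter(), 0
    for ip in connects:
        block = match_block(ip, blocks)
        if block is None:
            accepted += 1
        else:
            rejected[str(block)] += 1
    return rejected, accepted


def collateral(blocks, offenders):
    """Per block: (addresses covered, offenders inside it, addresses per offender)."""
    result = {}
    for n in blocks:
        hits = sum(1 for ip in offenders if ipaddress.ip_address(ip) in n)
        result[str(n)] = (n.num_addresses, hits, n.num_addresses // hits if hits else None)
    return result
```

A block whose addresses-per-offender figure runs into the hundreds of thousands is rejecting far more than the one machine that triggered it, which is the trade-off the thread is arguing over.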