iptables out of memory?
Alan Johnson
alan at datdec.com
Thu Jan 29 16:38:15 EST 2009
On Fri, Jan 23, 2009 at 11:54 AM, H. Kurth Bemis <kurth at kurthbemis.com>wrote:
> This is something I haven't seen mention of;
>
> While it might seem logical to block SPAM sources at the network level,
> I would feel that you could be blocking legitimate mail/users at the
> same time. Many SPAM sources are mis-configured mail servers and
> botnets. While using iptables seems like a good idea, you're going to
> end up blocking more then half of the IP space.
>
> I would recommend using Spamhaus's ZEN blocklist
> (http://www.spamhaus.org/zen/index.lasso). It is much more reactive to
> listing and de-listing hosts then your iptables solution.
Spamhaus is what I use that causes the IPAs to show up in my mail log. My
scripts watch for spamhaus-blocked-this log lines, parse out the IPA, then
add it to the firewall. I started by purging them out after 3 days, now I
am down to 1 day, but I'm thinking I will max out the table anyway, so I
might have to purge more often.
I use sbl-xbl.spamhaus.org instead of zen because of reasons posted in
another thread, but same idea.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.gnhlug.org/mailman/private/gnhlug-discuss/attachments/20090129/a7689c56/attachment.html
More information about the gnhlug-discuss
mailing list