OT: Blocking persistent spammers using IPTables?

Jason Ede J.Ede at birchenallhowden.co.uk
Wed Apr 28 19:01:26 IST 2010


We already use Vispan and I’m not aware that this can block based on 554’s. I think it can only block based on spam/viruses.

Jason

From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Philip Parsons
Sent: 28 April 2010 18:27
To: MailScanner discussion
Subject: RE: OT: Blocking persistent spammers using IPTables?

If you are using MailScanner you should look into a program called Vispan. It scans the maillog and compiles lists of IPs to automatically block according to whatever criteria you put in place. The good thing is that it releases the IP after 5 days as most spammers are using DHCP, but if the same machine starts to spam again it then blocks it for 10 days and so forth and so on. Also has a nice little web-based stats page.

From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Vincent Verhagen
Sent: Wednesday, April 28, 2010 12:10 AM
To: MailScanner discussion
Subject: Re: OT: Blocking persistent spammers using IPTables?


Don't see a big issue there. As long as you pick the number of transgressions relatively high and your expiry time reasonable. I've been thinking about this for a while, but don't do it because it would mess up the statistics I provide for management to "prove the need for funding".

I am doing this for ssh and pop3/imap, using SEC to auto-create iptables rules, to stop brute force attacks.



On Tue, 27 Apr 2010 20:22:08 +0100, Jason Ede <J.Ede at birchenallhowden.co.uk> wrote:

We’re debating blocking (using IPTables) IP’s that register more than a set number of rejections (554 from spamhaus and other blacklists or persistently try random address at domain). Before we actually implement this I’m wondering if there can be any problems with this method? It will only be used for IP’s that try to connect a significant number of times and we’ll have an expiry on each IP so the blocklist doesn’t keep growing indefinitely.

Jason
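
Added example, not part of the original thread and not code from Vispan or SEC: a sketch of the scheme discussed above (count 554 rejections per client IP, block past a threshold, expire each block, lengthen it for repeat offenders). The Postfix-style log format, the threshold, the doubling schedule, the allowlist and all function names are assumptions, and the log lines are constructed.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Assumed Postfix-style reject line; adjust the regex for sendmail or exim logs.
REJECT_RE = re.compile(r"reject: RCPT from \S*\[(\d{1,3}(?:\.\d{1,3}){3})\]: 554 ")
THRESHOLD = 3                # rejections before blocking (assumed; keep it high in production)
BASE_BLOCK_DAYS = 5          # first block length; doubled per repeat offence (assumed schedule)
ALLOWLIST = {"192.0.2.10"}   # hypothetical relay or partner host that must never be dropped

# Constructed sample log lines (documentation address ranges only).
_ips = ["198.51.100.7"] * 4 + ["192.0.2.10"] * 3 + ["203.0.113.9"]
SAMPLE_LOG = [
    f"Apr 28 10:00:0{i} mx postfix/smtpd[1234]: NOQUEUE: reject: RCPT from "
    f"unknown[{ip}]: 554 5.7.1 Service unavailable; blocked using zen.spamhaus.org"
    for i, ip in enumerate(_ips)
] + ["Apr 28 10:00:09 mx postfix/smtpd[1234]: NOQUEUE: reject: RCPT from "
     "unknown[203.0.113.9]: 450 4.7.1 Greylisted, try again later"]

def count_rejections(lines):
    """Return a Counter of client IP -> number of 554 rejections seen."""
    hits = Counter()
    for line in lines:
        m = REJECT_RE.search(line)
        if m:
            hits[m.group(1)] += 1
    return hits

def plan_blocks(hits, history, now):
    """Pick IPs to block and their expiry. history (ip -> earlier block count) is updated."""
    blocks = {}
    for ip, n in hits.items():
        if n < THRESHOLD or ip in ALLOWLIST:
            continue  # below threshold, or a host we must keep reachable
        days = BASE_BLOCK_DAYS * 2 ** history.get(ip, 0)
        history[ip] = history.get(ip, 0) + 1
        blocks[ip] = now + timedelta(days=days)
    return blocks

def iptables_rules(blocks):
    """Render one DROP rule per IP, scoped to SMTP, with the expiry kept as a rule comment."""
    return [f'iptables -I INPUT -s {ip} -p tcp --dport 25 '
            f'-m comment --comment "expires {exp:%Y-%m-%d}" -j DROP'
            for ip, exp in sorted(blocks.items())]

if __name__ == "__main__":
    history = {}
    blocks = plan_blocks(count_rejections(SAMPLE_LOG), history, datetime(2010, 4, 28))
    print("\n".join(iptables_rules(blocks)))
```

A separate scheduled job would delete rules whose expiry comment has passed; persisting `history` between runs is what lets the block length grow for repeat offenders.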

