OT: Blocking persistent spammers using IPTables?

Michael Masse mrm at medicine.wisc.edu
Wed Apr 28 19:02:49 IST 2010



>>> On 4/28/2010 at 12:27 PM, in message
<7C62BFED4DC0CE488F93865D83A61E64020B4872 at sprocket.columbiafuels.com>, "Philip
Parsons" <pparsons at columbiafuels.com> wrote:
> If you are using MailScanner you should look into a program called Vispan.  
> IT scans the maillog and compiles lists of ips to automatically block 
> according to whatever criteria you put in place.  The good thing is that it 
> releases the ip after 5 days as most spammers are using DHCP, but if the same 
> machines starts to spam again it then blocks it for 10 days and so for and so 
> long.  Also has a nice little web based stats page.
> 

I second this.   I've been using VISpan for a long time and it works well at blocking persistent spammer IP's.   It blocks at the MTA level and not the network level, but since we're talking about a software firewall (IPTables) my guess is that the difference between the two in cpu utilization and network traffic is negligible even on very busy systems.

-Mike




More information about the MailScanner mailing list