
Re: best practices for fighting spam with Debian?



Glenn English <ghe2001@gmail.com> wrote:

> What Sven suggested is pretty good. But I'd do all the local checks
> first, then hit the RBLs on the 'Net -- it reduces the load on the
> RBLs and on the local 'Net, and a CPU is faster than a 'Net connection
> (I'm on a T1, so I'm very aware of bandwidth usage and speed).

In the early days of our setup we were in the opposite situation:
Network bandwidth was not a problem but local compute resources (for
Spamassassin and the Virus scanners) were.

This is why we put all the CPU-inexpensive networking checks up at the
front so that many spam mails don't get as far as hitting the
CPU-intensive stuff.

(Having a local caching only resolver for the MXes to use exclusively is
also helpful.)

> Iptables is also useful. You can block entire IP blocks for MailChimp and
> the like. And entire countries, like China (many address blocks, though),
> etc. 

Using the geoip match from xtables is helpful here. Using the
information from the public Maxmind databases you can quite easily block
whole countries without needing to hunt for the IP blocks manually.

But of course this is the big nuke and should be used with care and
deliberation.

Grüße,
Sven.

-- 
Sigmentation fault. Core dumped.
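
Added example, not part of the message above: a small cost model showing why the two orderings discussed in this thread (local checks first versus network checks first) can both be right, depending on which resource is scarce. The check names, costs and reject rates are constructed assumptions, and the checks are assumed to reject independently of each other.

```python
from itertools import permutations

def expected_cost(order):
    """Expected cost per message when a rejection stops further checks.

    Each check is (name, cost, reject_rate).
    """
    total, reach = 0.0, 1.0  # reach = fraction of mail still being processed
    for _name, cost, reject_rate in order:
        total += reach * cost
        reach *= 1.0 - reject_rate
    return total

def best_order(checks):
    """Cheapest order for independent checks: ascending cost / reject_rate."""
    return sorted(checks, key=lambda c: c[1] / c[2] if c[2] > 0 else float("inf"))

def brute_force(checks):
    """Try every ordering; used to confirm the ratio rule on small inputs."""
    return min(permutations(checks), key=expected_cost)

def names(order):
    return [c[0] for c in order]

# Constructed numbers, not measurements. Cost is in arbitrary units of
# whichever resource is the bottleneck on the mail host.
# CPU is scarce, DNS lookups are nearly free:
CPU_BOUND = [
    ("rbl_lookup",    1.0, 0.60),
    ("helo_syntax",   0.2, 0.10),
    ("spamassassin", 40.0, 0.80),
    ("virus_scan",   60.0, 0.05),
]
# The link is scarce, local CPU is cheap:
LINK_BOUND = [
    ("rbl_lookup",   80.0, 0.60),
    ("helo_syntax",   0.2, 0.10),
    ("spamassassin",  3.0, 0.80),
    ("virus_scan",    6.0, 0.05),
]

if __name__ == "__main__":
    for label, checks in (("CPU-bound", CPU_BOUND), ("link-bound", LINK_BOUND)):
        order = best_order(checks)
        print(f"{label}: {names(order)} cost={expected_cost(order):.2f}")
```

With these inputs the RBL lookup sorts first on the CPU-bound host and last on the link-bound one; replacing the constructed figures with measured per-check cost and reject rate gives the order for a real setup.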

