[vox] Spamassassin, global blacklists?

ME vox@lists.lugod.org
Tue, 15 Apr 2003 08:09:28 -0700 (PDT) 

I have used iptables/ipchains to limit access, but that was when I was the
only user on the box getting email. I have 2 people from Denmark, 1 from
Japan, 2 from China, and others from other countries.

Because of this, I cannot easily blanket ban entire continents.

What I have been doing is running spamassassin with a global config that
contains blacklists.

/etc/mail/spamassassin/local.cf

[snip]
blacklist_from  *@247mail.com
blacklist_from  *@*.247mail.com
blacklist_from  *@b1st2gamble.com
blacklist_from  *@bizrate.com
blacklist_from  *@*.bizrate.com
[snip]

And then allowed users to modify user prefs "ok_languages" and
"ok_locales" to control what languages/locales they wish to block/accept.

> I have received spam from these addresses:
>
> Asia
>
> iptables -A INPUT -s 61.0.0.0/8      -j DROP
> iptables -A INPUT -s 62.0.0.0/8      -j DROP
> iptables -A INPUT -s 62.0.0.0/8      -j DROP
> iptables -A INPUT -s 202.0.0.0/7     -j DROP
> iptables -A INPUT -s 210.0.0.0/7     -j DROP
> iptables -A INPUT -s 219.0.0.0/8     -j DROP
> iptables -A INPUT -s 163.13.0.0/16   -j DROP
> iptables -A INPUT -s 163.14.0.0/15   -j DROP
> iptables -A INPUT -s 163.16.0.0/12   -j DROP
> iptables -A INPUT -s 163.22.0.0/16   -j DROP
> iptables -A INPUT -s 163.25.0.0/16   -j DROP
> iptables -A INPUT -s 163.32.0.0/16   -j DROP
> iptables -A INPUT -s 159.226.0.0/16  -j DROP
>
> Europe
>
> iptables -A INPUT -s 80.0.0.0/8      -j DROP
> iptables -A INPUT -s 81.0.0.0/8      -j DROP
> iptables -A INPUT -s 193.0.0.0/8     -j DROP
> iptables -A INPUT -s 212.0.0.0/8     -j DROP
> iptables -A INPUT -s 213.0.0.0/8     -j DROP
> iptables -A INPUT -s 217.0.0.0/8     -j DROP
>
> Latin America
>
> iptables -A INPUT -s 200.0.0.0/8     -j DROP
>
> I am currently accepting HTTP everywhere and mail
> from the Europe and Latin America IPs, but not from
> Asia.  iptables is a bit rude for spam control, but
> I have found from experience that attemps to hack
> my machine come from the same places, so...
>
> Joel
>
> On Mon, Apr 14, 2003 at 11:43:57PM -0700, ME wrote:
>> Hello,
>>
>> <bragging about kewlness of SM and SA>
>> I switched over to store spamassassin user config settings in a SQL DB
>> and
>> SquirrelMail addressbooks and Squirrelmail user prefs in SQL DB as well
>> (3
>> different tables.) This works very well, and I just finished modifying a
>> SM plugin (php) that permits me to let each user control their own SQL
>> stored Spamassassin settings... This stuff rocks!
>> </bragging>
>>
>> Anyway, I have a growing global blacklist_from for my domain's filtering
>> and wanted to know if any of you share global blacklists.
>>
>> Have you used used the rcvd from blacklist? Opinions?
>>
>> I must say that since I added web based SM config for languages and
>> locales that "foreign language" spam has decreased a bit. (Someone here
>> mentioned that they used it, and after I looked into it, I could see the
>> benefits. Thanks for the suggestion!)
>>
>> Anyone have a global blacklist from they want to share.
>> _______________________________________________
>> vox mailing list
>> vox@lists.lugod.org
>> http://lists.lugod.org/mailman/listinfo/vox
> _______________________________________________
> vox mailing list
> vox@lists.lugod.org
> http://lists.lugod.org/mailman/listinfo/vox
>
>