On Wednesday 04 February 2004 17.17, suse-security wrote:
Hi list,
I'm very new to the subject of administrating a Linux server, so please forgive my dumb questions. Currently my server is receiving a lot of spam mail from a certain address. I want to block this rubbish before it hits the smtp-server, hence I'd like to add some rules to the firewall that sorts the stuff out. Is the custom script for the SuseFirewall2 (/etc/sysconfig/scripts/Susefirewall2-custom) the right place for this temporary solution? And which section do I have to use inside this script? I know that I have to setup some proper antispam-software, but in the meantime I just want to drop the mails.
Any hints are really welcome
Sebastian
You should ask yourself the question: if someone from a known spam server is sending an e-mail to my domain, should I

1) quite simply block it, or
2) reject it with a message to the sender like "We do not accept mail from known spam servers."

That is, how bad would it be if an e-mail was wrongly blocked with no notification to the client? Or just being rejected with a reject message?

In general, a firewall can only do option 1) (drop/reject TCP/IP packet) while your mailserver can do option 2) (commonly via RBLs).

What I do is to use a combination of 1) (sort of, I use OpenBSD spamd here) and 2): IPs compiled from spamhaus.org as well as IPs from China and Korea are not redirected to the mail server. The others are rejected with an error message. Then I use SpamAssassin to classify e-mails, and the target of the e-mail can then make a filter rule on X-Spam-Level that is added by SpamAssassin to eliminate more spam.

OpenBSD is mirroring some blocking lists since the masters are under some pressure:

www.openbsd.org/spamd/SBL.cidr.gz
www.openbsd.org/spamd/spews_list_level1.txt.gz
www.openbsd.org/spamd/spews_list_level2.txt.gz
www.openbsd.org/spamd/chinacidr.txt.gz
www.openbsd.org/spamd/koreacidr.txt.gz

/Sigfred
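The two options from the reply side by side, as an added example that is not part of the original thread: a CIDR blocklist is turned into port-25-only DROP rules (option 1) and into an SMTP refusal the sender can read (option 2). The list format (one CIDR per line, `#` comments), the `INPUT` chain, the function names and the 554 reply code are assumptions; the sample list is constructed from documentation address ranges.

```python
import ipaddress

# Constructed sample; assumed format: one CIDR or address per line, '#' starts a comment.
SAMPLE_LIST = """\
# constructed sample, documentation ranges only
192.0.2.0/24
198.51.100.128/25   # trailing comment
not-a-network
203.0.113.7
"""

REJECT_TEXT = "554 5.7.1 We do not accept mail from known spam servers."


def parse_cidr_list(text):
    """Return (networks, bad_lines). Malformed entries never become rules."""
    nets, bad = [], []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            nets.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            bad.append(raw.strip())
    return nets, bad


def firewall_rules(nets, chain="INPUT"):
    """Option 1: silent drop, limited to SMTP so other services stay reachable."""
    v4 = [n for n in nets if n.version == 4]  # iptables handles IPv4 only
    return [f"iptables -A {chain} -p tcp --dport 25 -s {n} -j DROP"
            for n in ipaddress.collapse_addresses(v4)]


def smtp_verdict(client_ip, nets):
    """Option 2: the reply a mail server would give; None means accept the connection."""
    ip = ipaddress.ip_address(client_ip)
    return REJECT_TEXT if any(ip in n for n in nets) else None


if __name__ == "__main__":
    networks, skipped = parse_cidr_list(SAMPLE_LIST)
    print("skipped entries:", skipped)
    print("\n".join(firewall_rules(networks)))
    for addr in ("198.51.100.200", "198.51.100.5"):
        print(addr, "->", smtp_verdict(addr, networks))
```

A wrongly listed sender hitting the DROP rule only sees a connection timeout, while the same sender hitting the 554 reply gets a bounce that explains why the mail was refused.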