[AusNOG] qld transport contact
Damien Gardner Jnr
rendrag at rendrag.net
Thu Dec 13 14:58:07 EST 2012
On 13/12/2012 2:40 PM, Chris Scholfield wrote:
> I've been looking into either blocking or allowing certain countries IP
> addresses on the router for the mail server to prevent these attacks from
> reaching the mail server to begin with. Everyone I have spoken to so far
> has said it could possibly be done, but they've never tried it.
>
> Anyone had any experience in doing this? If so, how'd it turn out?
>
We (ISA) did this from around 2001->2005, without any real problems.. We
used the pf ruleset generator which Wiretapped put out using APNIC/etc
records to simply generate block rulesets to cover whole countries. We
ended up blocking china from talking SMTP to any machine downstream from
us. We had one customer complain, but given 90% of their business was
with china, that's to be expected.. We pushed their mail onto a separate
mailserver, and allowed all SMTP to that machine, and they were happy.
Meanwhile all of our other customers were very happy about the reduced
spam volume!
These days, SPF and greylisting take care of ~90% of our spam traffic.
Maia takes care of the rest :)
--DG
More information about the AusNOG
mailing list