[AusNOG] qld transport contact

Damien Gardner Jnr rendrag at rendrag.net
Thu Dec 13 14:58:07 EST 2012


On 13/12/2012 2:40 PM, Chris Scholfield wrote:
> I've been looking into either blocking or allowing certain countries IP
> addresses on the router for the mail server to prevent these attacks from
> reaching the mail server to begin with.  Everyone I have spoken to so far
> has said it could possibly be done, but they've never tried it.
>
> Anyone had any experience in doing this?  If so, how'd it turn out?
>
We (ISA) did this from around 2001->2005, without any real problems.. We 
used the pf ruleset generator which Wiretapped put out using APNIC/etc 
records to simply generate block rulesets to cover whole countries.  We 
ended up blocking china from talking SMTP to any machine downstream from 
us.  We had one customer complain, but given 90% of their business was 
with china, that's to be expected.. We pushed their mail onto a separate 
mailserver, and allowed all SMTP to that machine, and they were happy.  
Meanwhile all of our other customers were very happy about the reduced 
spam volume!

These days, SPF and greylisting take care of ~90% of our spam traffic.  
Maia takes care of the rest :)

--DG




More information about the AusNOG mailing list