
drhyde (1683)

http://www.cantrell.org.uk/david

Journal of drhyde (1683)

Tuesday April 13, 2004
06:43 AM

I don't like spam

[ #18312 ]
Not even when served with spam spam spam spam spam spam spam spam eggs and spam.

So as well as using spamassassin, I now use a bunch of custom rules for weeding out spam from anti-virus authors and from various countries; I block something like 60 domains before procmail and spamassassin even get to see them (but only if the spamming host has rDNS); and just recently I started blocking hosts which lie in their HELO.

That last one technically breaches some RFCs but fuck it, I don't care any more. It *works*.

What I really want to do is refuse connections based on the sender's netblock, populating my blocklist with ASes, cos then when a spamsource like comcast gets a new range, they'll remain blocked. Unfortunately, I don't run a fancy enough network to be speaking BGP, so does anyone have any clues how to do this? It would simplify matters no end.
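The AS-based lookup the post asks about, as an added example that is not part of the original journal entry: map the connecting IP to an origin AS by longest-prefix match, then check that AS against a blocklist. The prefix table, AS numbers and function names are constructed for illustration; where a real prefix-to-AS table comes from and how the refusal is enforced (firewall, TCP wrapper, MTA hook) are left as assumptions.

```python
import ipaddress

# Constructed prefix -> origin-AS table (private address space and
# documentation AS numbers). Assumed to be loaded from a routing-table
# snapshot of some kind in a real deployment.
PREFIX_TO_ASN = {
    "10.20.0.0/16": 64500,    # large provider block
    "10.20.30.0/24": 64501,   # more-specific block originated by another AS
    "10.99.0.0/16": 64502,
    "2001:db8::/32": 64500,
}

BLOCKED_ASNS = {64500}  # hypothetical blocklist, keyed by AS rather than by range


def build_table(prefix_to_asn):
    """Parse each prefix once and order the table most-specific first."""
    table = [(ipaddress.ip_network(p), asn) for p, asn in prefix_to_asn.items()]
    table.sort(key=lambda entry: entry[0].prefixlen, reverse=True)
    return table


def origin_asn(table, ip):
    """Return the origin AS of the longest matching prefix, or None."""
    addr = ipaddress.ip_address(ip)
    for net, asn in table:
        if addr.version == net.version and addr in net:
            return asn
    return None


def should_refuse(table, blocked, ip):
    """Refuse only when the most specific covering prefix belongs to a blocked AS."""
    asn = origin_asn(table, ip)
    return asn is not None and asn in blocked


TABLE = build_table(PREFIX_TO_ASN)

if __name__ == "__main__":
    for ip in ("10.20.1.5", "10.20.30.7", "10.99.0.1", "192.0.2.1", "2001:db8::25"):
        verdict = "refuse" if should_refuse(TABLE, BLOCKED_ASNS, ip) else "accept"
        print(ip, origin_asn(TABLE, ip), verdict)
```

Because the blocklist holds AS numbers, a new range originated by a blocked AS is covered as soon as the table is refreshed, while a more-specific prefix originated by a different AS inside the same larger block is not caught by accident.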

  • Blocking entire netblocks can actually do more harm than good if it's not done correctly. If I have a small /28 network in one of my ISP's larger blocks, and some idiot with another network in the same block decides to start spamming, you have to make sure you block the idiot's network, and not the ISP's larger block. Otherwise, you could block me and plenty of other legitimate mail servers. As you said, you just might not care at this point, and I don't blame you.

    Of course for things like cable modem

    • I'd only do that for netblocks which are repetitive egregious spammers. In those cases, I consider the collateral damage to be a feature, not a bug. In any case, what I'd like to do is not refuse to accept mail, but refuse to even start talking SMTP with hosts in such blocks. Spamware and winfestations generally don't seem to be clever enough to handle that and so go on to their next victim. Real mail software on the other hand - even MS mail software - should interpret that as my server being down, and