KCLUG Mailing NNTP Mirror and eliminate spam
Duane Attaway
dattaway at dattaway.org
Tue Sep 2 14:19:00 CDT 2003
On Mon, 1 Sep 2003 enabled at linuxjunkies.com wrote:
> Ya, I am probably going to drop off the list if my email addy is going
> to be put up on the net a few more times. I mean, I have spam filtering,
I have been using usenet for over a decade and do not munge my email
address. I may have gotten a spam in my mailbox perhaps a month ago, but
can't remember exactly when. My mailbox is *very* quiet, yet known.
It's just that I don't know anyone in Asia, Latin America, or from
Amsterdam. So, I use iptables to block my sendmail port. In fact, I'm so
lazy that I don't figure out how to unsubscribe from mailing lists; I just
add an entry to iptables.
Here is my 99.95% guaranteed spam blocker. No software install needed:
dattaway at dattaway dattaway # iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
DROP tcp -- 61.0.0.0/8 0.0.0.0/0 tcp dpt:25
DROP tcp -- 202.0.0.0/7 0.0.0.0/0 tcp dpt:25
DROP tcp -- 200.0.0.0/8 0.0.0.0/0 tcp dpt:25
DROP tcp -- 210.0.0.0/7 0.0.0.0/0 tcp dpt:25
DROP tcp -- 218.0.0.0/8 0.0.0.0/0 tcp dpt:25
DROP tcp -- 24.232.0.0/16 0.0.0.0/0 tcp dpt:25
DROP tcp -- 140.127.0.0/16 0.0.0.0/0 tcp dpt:25
DROP tcp -- 207.171.188.0/24 0.0.0.0/0 tcp dpt:25
DROP tcp -- 80.0.0.0/8 0.0.0.0/0 tcp dpt:25
DROP tcp -- 209.58.0.0/17 0.0.0.0/0 tcp dpt:25
DROP tcp -- 220.0.0.0/8 0.0.0.0/0 tcp dpt:25
DROP tcp -- 168.226.0.0/16 0.0.0.0/0 tcp dpt:25
DROP tcp -- 205.206.231.27 0.0.0.0/0 tcp dpt:25
DROP tcp -- 194.0.0.0/8 0.0.0.0/0 tcp dpt:25
DROP tcp -- 81.0.0.0/8 0.0.0.0/0 tcp dpt:25
DROP tcp -- 216.133.202.0/24 0.0.0.0/0 tcp dpt:25
DROP tcp -- 219.0.0.0/8 0.0.0.0/0 tcp dpt:25
DROP tcp -- 195.0.0.0/8 0.0.0.0/0 tcp dpt:25
DROP tcp -- 64.106.0.0/16 0.0.0.0/0 tcp dpt:25
DROP tcp -- 216.72.0.0/16 0.0.0.0/0 tcp dpt:25
DROP tcp -- 217.0.0.0/8 0.0.0.0/0 tcp dpt:25
DROP tcp -- 166.68.0.0/16 0.0.0.0/0 tcp dpt:25
DROP tcp -- 4.0.0.0/8 0.0.0.0/0 tcp dpt:25
Issue the command "whois -h whois.arin.net <ipaddress>" to see what
geographic location is blocked. I made an alias for checking my mail
headers to see where the mail *really* came from:
alias a="whois -h whois.arin.net"
and from this header:
by dattaway.org (8.12.9/8.12.4) with SMTP id h6UCFVgC022976
for <dattaway at dattaway.org>; Wed, 30 Jul 2003 07:15:36 -0500
I type "a 166.68.134.174" to see where it came from. I don't know who
NYNEX Telesector Resources Group, Inc. is and they don't seem to have any
customers I would ever email, so I block them:
I made an alias for adding an entry to iptables:
alias i="iptables -A INPUT -p tcp --dport 25 -j DROP -s"
So, I can type "i 166.68.0.0/16" when I see a lot of spam coming from
Genuity's network and they don't answer their abuse mails. The /16 is the
length of the address block ARIN reported back to me, so I include that
too.
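
The whois-then-block step described in this post, as an added example that is not part of the original message: POSIX shell functions that read the NetRange line from ARIN-style whois output, work out the prefix length(s) covering that range, and print the matching port-25 DROP rule. The function names are hypothetical and the whois text is a constructed sample; a range that is not a single aligned block yields several rules.

```sh
#!/bin/sh
# Added example: turn the NetRange line of ARIN-style whois output into the
# CIDR block(s) for the post's port-25 DROP rule. Commands are printed, not run.

ip2int() {  # dotted quad -> integer
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

int2ip() {  # integer -> dotted quad
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Print the smallest set of CIDR blocks that covers start..end exactly.
range_to_cidrs() {
    start=$(ip2int "$1"); end=$(ip2int "$2")
    while [ "$start" -le "$end" ]; do
        size=1; len=32
        # Double the block while it stays aligned on start and inside the range.
        while [ "$len" -gt 0 ] &&
              [ $(( start % (size * 2) )) -eq 0 ] &&
              [ $(( start + size * 2 - 1 )) -le "$end" ]; do
            size=$(( size * 2 )); len=$(( len - 1 ))
        done
        echo "$(int2ip "$start")/$len"
        start=$(( start + size ))
    done
}

# Read whois text on stdin; print one iptables command per CIDR block.
whois_to_rules() {
    range=$(awk '/^NetRange:/ && NF >= 4 {print $2, $4; exit}')
    [ -n "$range" ] || { echo "no NetRange line found" >&2; return 1; }
    for cidr in $(range_to_cidrs $range); do
        echo "iptables -A INPUT -p tcp --dport 25 -j DROP -s $cidr"
    done
}

# Constructed sample, shaped like a whois reply for the block named in the post.
SAMPLE_WHOIS='NetRange:       166.68.0.0 - 166.68.255.255
OrgName:        (constructed placeholder)'

printf '%s\n' "$SAMPLE_WHOIS" | whois_to_rules
```

Printing the rule instead of applying it leaves room to check how much address space a block covers before it goes into the INPUT chain.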