Agree too... Man, I hate intelligent people, they make me look sooo dumb! :) Very valid point. ET Craig White writes: > I'm gonna ignore most of the implications of this and just say one thing > that you're apparently not considering... > > Once you implement a methodology, you then become committed to > maintaining the implementation and ip address ranges change, people go > to China for visiting, other people might have to troubleshoot your > implementations, etc. I try hard not to solve symptoms by implementing > narrowly targeted solutions but rather focus on the larger problems. I > see a lot of smtp thuggery coming from eastern Europe and South America, > not just China. Postfix does a really good job of bandwidth and pipeline > limiting. > > Craig > > On Mon, 2009-03-30 at 11:45 -0400, kitepilot@kitepilot.com wrote: >> Agree... >> But for as long as my people doesn't have friends in Asia, I may as well >> block them all... :) >> Enrique >> >> >> >> Craig White writes: >> >> > On Mon, 2009-03-30 at 08:30 -0400, kitepilot@kitepilot.com wrote: >> >> And how do I: >> >> "starting by iptable deny all of china" ? >> >> >> >> I can figure out the "iptable" part, it is the "china" part (and other >> >> possible places where I know I will only get spam from) that I am unaware >> >> of... >> > ---- >> > I do not believe that this is constructive thinking. It's easy enough >> > for someone in China to use a computer somewhere else as a base for >> > operations and that security doesn't come from just arbitrarily picking >> > ranges of ip addresses to block. Security would necessarily require >> > effectiveness from virtually everywhere - possibly even your own >> > 'trusted' lan. >> > >> > Spam control on the other hand doesn't rely much on iptables at all but >> > rather many layers of implementation such as RBL's, greylisting >> > (optional but effective), spamassassin, smtp level restrictions and >> > more. > > > --------------------------------------------------- > PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us > To subscribe, unsubscribe, or to change your mail settings: > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss --------------------------------------------------- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss