I'm gonna ignore most of the implications of this and just say one thing
that you're apparently not considering...
Once you implement a methodology, you then become committed to
maintaining the implementation and ip address ranges change, people go
to China for visiting, other people might have to troubleshoot your
implementations, etc. I try hard not to solve symptoms by implementing
narrowly targeted solutions but rather focus on the larger problems. I
see a lot of smtp thuggery coming from eastern Europe and South America,
not just China. Postfix does a really good job of bandwidth and pipeline
limiting.
Craig
On Mon, 2009-03-30 at 11:45 -0400,
kitepilot@kitepilot.com wrote:
> Agree...
> But for as long as my people doesn't have friends in Asia, I may as well
> block them all... :)
> Enrique
>
>
>
> Craig White writes:
>
> > On Mon, 2009-03-30 at 08:30 -0400, kitepilot@kitepilot.com wrote:
> >> And how do I:
> >> "starting by iptable deny all of china" ?
> >>
> >> I can figure out the "iptable" part, it is the "china" part (and other
> >> possible places where I know I will only get spam from) that I am unaware
> >> of...
> > ----
> > I do not believe that this is constructive thinking. It's easy enough
> > for someone in China to use a computer somewhere else as a base for
> > operations and that security doesn't come from just arbitrarily picking
> > ranges of ip addresses to block. Security would necessarily require
> > effectiveness from virtually everywhere - possibly even your own
> > 'trusted' lan.
> >
> > Spam control on the other hand doesn't rely much on iptables at all but
> > rather many layers of implementation such as RBL's, greylisting
> > (optional but effective), spamassassin, smtp level restrictions and
> > more.
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
(text/plain)