Re: [exim] Using GeoIP to block spammers - anyone?

Top Page
Delete this message
Reply to this message
Author: Renaud Allard
Date:  
To: Odhiambo G. Washington, exim-users
Subject: Re: [exim] Using GeoIP to block spammers - anyone?
While I recommended you the country-rirdata.dnsiplists.completewhois.com
list, and this seems very accurate. I think most people here wouldn't
use it because blocking on IP location is generally not a good idea. And
I must admit I also think it is not a good idea in most cases.
SMTP auth is probably the best answer to your problem, _but_ it won't
work without changing client configurations. And that's something you
don't like either.
So there is no perfect solution to your problem. As in most cases, you
will have to choose either to change your client configurations or
accept some other drawbacks, like the ones dns lists will give you. It's
all a matter of choice of which drawbacks you will accept.
Honestly, the old cached DNS infos will probably expire in a short time
worldwide, so it may not be worth you to change your configs.

Odhiambo G. Washington wrote:
> * On 24/06/06 13:24 +0200, Jakob Hirsch wrote:
> | Quoting Odhiambo G. Washington:
> |
> | > | them by SMTP AUTH or fixed IPs. That should give you the facility to
> | > Yes and yes. I already do that. However, it has not stopped spammers
> | > from connecting to it, which is why I am looking at this other option.
> |
> | Ok, but what's the big deal about them connecting to your server? Are
> | they so many that you have excessive load or something?
>
> Yes, the server is an old HP Netserver LH4r. Not good to be around these
> days, but we are not trashing it just yet. ;)
>
> | I think there's no reliable way to do what you want without client side
> | changes. If the latter would be ok, though, a good way is WB's
> | suggestion: Only allow incoming connections to 587 (and 465/smtps for
> | the u$ clients) and block people which are not trusted (IP) or
> | authenticated at MAIL FROM or RCPT TO.
>
> Point taken. I believe I am between a rock and the famous hard place.
> Some of my u$ client even decided to run 'servers' at their end, which
> in turn communicate with this box.
>
> But also, I can say is that country-rirdata.dnsiplists.completewhois.com
> as a dnslist seems to be kind of accurate. I tested it last evening and
> it did correctly tag all connections that came from Kenya. While I may
> not use this as some people say it's a bad idea, it's something really
> worth looking at for situations that require "really bad ideas" like it.
>
>
>         cheers
>        - wash 
> +----------------------------------+-----------------------------------------+
> Odhiambo Washington                    . WANANCHI ONLINE LTD (Nairobi, KE)  |
> wash () WANANCHI ! com            . 1ere Etage, Loita Hse, Loita St.,  |
> GSM: (+254) 722 743 223            . # 10286, 00100 NAIROBI             |
> GSM: (+254) 733 744 121            . (+254) 020 313 985 - 9             |
> +---------------------------------+------------------------------------------+
> "Oh My God! They killed init! You Bastards!"  
>                          --from a /. post

>


--
Nikademus
http://www.octools.com

.O.
..O
OOO

PGP key: http://www.llorien.org/gnupg/key.pub