LinuxQuestions.org
Old 07-27-2007, 12:26 PM   #1
tbeehler
Member
 
Registered: Aug 2003
Location: Washington State, USA
Distribution: Mainly RH 9.0
Posts: 227

Rep: Reputation: 30
Spam Server Tips - Block Spam With Iptables


I don't know about all of you, but I was running into a big problem with my spamassassin list. I would normally add domains or addresses to the local.cf file and, over time, the list grew to include thousands of entries.

The problem was that when a message came in, it would have to go through this file, which took up valuable CPU and memory resources. I already was using spamhaus and other techniques to get spam down, but it didn't seem to help much.

Regardless, here's what I did: I took all of my domains that were being blocked and left out individual addresses, and put them into a plain text file. I then used a utility called NS-Batch, which can be found here: http://www.jimprice.com/jim-soft.shtml to convert all those domains to IP addresses.

Once I had those IPs, I worked a little "vim" magic and made a file with entries that looked like this:

-A INPUT -s 63.64.121.170 -j DROP

Please note, this was the first one I was doing, so it was a mass ban rather than an add entry one by one.

Then I would simply ban these IPs at the firewall with the command iptables-restore < /iplist.txt then iptables-save

Make sure that you set up your system to automatically ban those IPs on bootup.

Then I removed those domain entries in my local.cf file.

Basically, instead of the domains being banned at the local.cf file, they were now being blocked at the firewall level.

The difference? Instead of my CPU shooting up to 90% every 3-5 seconds (we get thousands of messages a day), my CPU hums along nicely and peaks at around 10%.

Of course, I'm probably leaving out a step or two that I'm forgetting or someone may have a better idea, so I'd be happy to hear your input!
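
The procedure described in the post above, as an added example that is not part of the original post: a shell function that turns a list of resolved addresses into a complete iptables-restore file (with the `*filter` and `COMMIT` lines that format requires), skipping duplicates, malformed entries and loopback or private addresses. The function names, the output file name in the comment and the sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): build an iptables-restore file from a
# list of resolved addresses, skipping anything that must never be dropped.

# Succeeds only for a well-formed IPv4 address outside local/reserved space.
valid_public_ipv4() {
    case "$1" in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs    # split into octets
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*) return 1 ;; esac       # leading zero is ambiguous
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    # A blocked domain can resolve to loopback or private space; dropping
    # those would cut the mail server off from its own network.
    case "$1.$2" in 0.*|10.*|127.*|169.254|192.168) return 1 ;; esac
    [ "$1" -eq 172 ] && [ "$2" -ge 16 ] && [ "$2" -le 31 ] && return 1
    [ "$1" -ge 224 ] && return 1                     # multicast and reserved
    return 0
}

# Reads one address per line on stdin ('#' comments allowed) and prints the
# ruleset on stdout; rejected entries are reported on stderr.
build_ruleset() {
    echo '*filter'
    sed -e 's/#.*//' -e 's/[[:space:]]//g' -e '/^$/d' | LC_ALL=C sort -u |
    while IFS= read -r addr; do
        if valid_public_ipv4 "$addr"; then
            echo "-A INPUT -s $addr -j DROP"
        else
            echo "skipped: $addr" >&2
        fi
    done
    echo 'COMMIT'
}

# Constructed sample input; only the first address appears in the post.
sample_addresses() {
    cat <<'EOF'
63.64.121.170     # rule shown in the post
63.64.121.170     # duplicate entry
127.0.0.1         # domain that resolved to loopback
192.168.1.10      # private address
203.0.113.7       # documentation-range address
not-an-ip
256.1.1.1
EOF
}

# Load the result with: iptables-restore --noflush < spam-drop.rules
# (without --noflush the current filter table is replaced by the file).
sample_addresses | build_ruleset
```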
 
Old 07-27-2007, 01:32 PM   #2
cnzhannet
LQ Newbie
 
Registered: Jul 2007
Posts: 12

Rep: Reputation: 0
Hi, tbeehler.

Blocking spam with iptables seems to save your hardware resources. However, it does bring some side effects. When you block the IP address of a spam domain, you block other non-spam domains which share the same IP address at the same time. I think you should measure the performance and the side effects.

cnzhannet
 
Old 08-24-2007, 10:54 AM   #3
tbeehler
Member
 
Registered: Aug 2003
Location: Washington State, USA
Distribution: Mainly RH 9.0
Posts: 227

Original Poster
Rep: Reputation: 30
Quote:
Originally Posted by cnzhannet View Post
Hi, tbeehler.

Blocking spam with iptables seems to save your hardware resources. However, it does bring some side effects. When you block the IP address of a spam domain, you block other non-spam domains which share the same IP address at the same time. I think you should measure the performance and the side effects.

cnzhannet

You're absolutely right. I generally ban continual spammers. I have so far (knock on wood) run into the above-mentioned problem you speak of once in a few years. Once the victim (for lack of a better word) contacted us and I found his IP, I told him why and he found that he had a spam zombie within his network, so it worked out in the end. Your mileage may vary.
 
  

