Cutting off IP connectivity to spam sources
MAPS for more information.
On a Cisco router, the ACL is defined by:
access-list 100 deny ip ppp.qqq.rrr.0 0.0.0.255 any
where ppp.qqq.rrr.0 is the address used by the spamming site. If "ip" is replaced by "tcp" and "any" is prefixed by "eq smtp", only SMTP will be blocked, as per "port blocking selected outgoing calls".
Note that with more complex ACLs the ORDER IS SIGNIFICANT.
The interface to filter also needs:
ip access-group 100 in
ipfwadm -I -a deny -S ppp.qqq.rrr.000/255.255.255.0
or (depending on the release version?)
ipfwadm -I -a deny -S ppp.qqq.rrr.000/24 -D 0.0.0.0/0
"-I" means "incoming firewall rule".
"-a deny" means "add the policy to deny this".
"-S ppp.qqq.rrr.000/255.255.255.0" means the traffic has a source and netmask as specified.
"-D 0.0.0.0/0" means to any destination.
You can also use "-a reject" instead of "-a deny". With "reject", the remote site gets "connection refused". With "deny", the remote site just thinks the connection timed out.
Conversely, ISPs can be good net citizens by port blocking selected outgoing calls.
LBL BPF kernel filter can be used to reject packets from SPAM sites with `port unreachable' with a filter such as
dst port 25 and (src net 205.199.212 or src net 204.250.46/27)
The author warns `Installing BPF kernel filters is not for everyone. But it's not too difficult to install the current version of bpf on a SunOS 4 kernel and I will soon include the necessary patches for FreeBSD.'
Update 14 June 2002: BPF is now a standard part of FreeBSD.
ftp://ftp.porcupine.org/pub/security/index.html and is 7.6 as of this writing.) The TCP wrapper allows a site administrator to wrap services so that they can only be used by authorized hosts. By enabling "-DPROCESS_OPTIONS" when compiling tcpd, finer control can be achieved over which sites can call. A single /etc/hosts.allow can say which host can, and which cannot, call services. In this form, to block calls for `service' from badsite.com, have the line
service : badsite.com .badsite.com : DENY
If PROCESS_OPTIONS is not set, then nothing need be added to hosts.allow, but /etc/hosts.deny should have
service : badsite.com .badsite.com
Note that the ORDER in which the rules are given IS SIGNIFICANT. Take care to ensure that there isn't an ALL entry before the line which denies access.
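As an added illustration (not part of the original page or of the TCP wrapper distribution), the Python sketch below models the first-match rule for a hosts.allow built with PROCESS_OPTIONS and flags a DENY line that an earlier entry shadows. It assumes a simplified pattern syntax (ALL, exact host names, ".domain" suffixes); the function names and the two sample files are constructed for the example.

```python
"""Simplified first-match model of hosts.allow with PROCESS_OPTIONS.
Assumption: only ALL, exact names and ".domain" suffix patterns are handled."""

def parse_rules(text):
    """Return [(line_no, daemons, clients, action)] for each rule line."""
    rules = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 2:
            continue  # not a "daemon : client" rule
        daemons = fields[0].replace(",", " ").split()
        clients = fields[1].replace(",", " ").split()
        denied = any(opt.lower() == "deny" for opt in fields[2:])
        rules.append((line_no, daemons, clients, "deny" if denied else "allow"))
    return rules

def covers(pattern, name):
    """True if a daemon or client pattern matches (or subsumes) name."""
    pattern, name = pattern.lower(), name.lower()
    if pattern == "all" or pattern == name:
        return True
    return pattern.startswith(".") and name.endswith(pattern)

def decide(rules, daemon, host):
    """First matching rule wins; returns (action, line_no) or None."""
    for line_no, daemons, clients, action in rules:
        if any(covers(d, daemon) for d in daemons) and any(covers(c, host) for c in clients):
            return action, line_no
    return None

def shadowed_denies(rules):
    """List (deny_line, earlier_line) pairs where an earlier allow rule wins."""
    found = []
    for i, (line_no, daemons, clients, action) in enumerate(rules):
        if action != "deny":
            continue
        for e_no, e_daemons, e_clients, e_action in rules[:i]:
            if (e_action == "allow"
                    and all(any(covers(ed, d) for ed in e_daemons) for d in daemons)
                    and all(any(covers(ec, c) for ec in e_clients) for c in clients)):
                found.append((line_no, e_no))
                break
    return found

# Constructed sample files; "service" and badsite.com are the page's placeholders.
WRONG_ORDER = "ALL : ALL\nservice : badsite.com .badsite.com : DENY\n"
RIGHT_ORDER = "service : badsite.com .badsite.com : DENY\nALL : ALL\n"
```

Running shadowed_denies over the rules parsed from a real /etc/hosts.allow before deploying it shows which deny lines will never be reached.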
The exact format of the command to achieve this varies between systems, but it may be of the form:
Some systems (e.g. FreeBSD) have a "-reject" flag.
Ross Wheeler, from an Australian ISP, has written a script that dynamically blocks IP routing to addresses of hosts that have recently attempted any number of invalid probes, such as sending to nonexistent users, attempting to relay e-mail, or hitting "bait" addresses.
PacketBL is a tool that uses DNSBLs to configure network filtering to drop packets (Linux).
This is a chapter on using spamd on OpenBSD to redirect SMTP connections from spammer hosts to a specialized mail daemon that rejects their mail.
Scott Hazen Mueller / E-mail me