funsec mailing list archives
Re: Spamhaus for Extra Mail Server Security
From: Rich Kulawiec <rsk () gsp org>
Date: Mon, 14 Sep 2009 07:16:42 -0400
On Sat, Sep 12, 2009 at 02:42:41AM +0300, Gadi Evron wrote:
> I cannot IP filter an SMTP server to be available only from certain locations -- as if I even wanted to limit myself in such a way.

It's long since become a best practice to do exactly that: to firewall out connections from any network allocation (whether by entity or country) that recipients don't need/want to receive mail from. (Or more efficiently in some cases, to only permit connections from those allocations where mail is necessary/desirable.) These are high-efficiency, low-cost anti-email-abuse techniques that work beautifully *when properly used* -- and that, of course, is the trick.

For example, on various mail servers I'm running, I'm using a combination of 3261 network allocations and 26 country allocations to refuse connections (with different ones used on different servers depending on their traffic patterns). Given that the occurrence rate of non-abusive connections from those ranges from "once every several years" to "never", this is a clearly superior method of defense in terms of resources, cost, efficiency, FP, FN, resistance to attack, resistance to gaming, etc.

Incidentally, *everyone* should be using the Spamhaus DROP list for IP filtering, preferably at the network perimeter. But if that's not possible, then in the firewall (onboard or elsewhere) in front of mail server(s) -- and blocking bidirectionally.

---Rsk

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
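The bidirectional DROP-list filtering recommended in the message above, as an added example that is not part of the original post or any Spamhaus tooling: it parses DROP-format text, rejects malformed or implausibly broad entries, collapses overlaps, and renders an nftables ruleset that drops traffic to and from the listed ranges. The `CIDR ; SBL id` layout, the `MIN_PREFIX` guard, the table, set and chain names, and the sample data are assumptions made for this illustration.

```python
import ipaddress

# Constructed sample in the assumed DROP text layout: "CIDR ; SBL id", ';' starts a comment.
# Ranges are RFC 5737 documentation blocks; the SBL ids are placeholders.
SAMPLE_DROP = """\
; constructed sample, not real list data
192.0.2.0/24 ; SBL000001
198.51.100.0/25 ; SBL000002
198.51.100.0/24 ; SBL000003
203.0.113.0/25 ; SBL000004
203.0.113.128/25 ; SBL000005
0.0.0.0/0 ; SBL000006
not-a-network ; SBL000007
"""

MIN_PREFIX = 8  # assumed sanity bound: a corrupted feed must not block huge ranges

def parse_drop(text):
    """Return (collapsed networks, rejected lines) from DROP-format text."""
    nets, rejected = [], []
    for raw in text.splitlines():
        entry = raw.split(";", 1)[0].strip()
        if not entry:
            continue  # blank or comment-only line
        try:
            net = ipaddress.IPv4Network(entry, strict=True)
        except ValueError:
            rejected.append(raw)  # malformed entry: keep it for the operator to review
            continue
        if net.prefixlen < MIN_PREFIX:
            rejected.append(raw)  # implausibly broad, treat as feed corruption
        else:
            nets.append(net)
    return list(ipaddress.collapse_addresses(nets)), rejected

def render_nft(nets, table="mail_drop"):
    """Render an nftables ruleset dropping traffic from and to the listed ranges."""
    if not nets:
        raise ValueError("refusing to render an empty set (failed or empty download?)")
    elements = ", ".join(str(n) for n in nets)
    return f"""\
table inet {table} {{
  set drop4 {{ type ipv4_addr; flags interval; elements = {{ {elements} }} }}
  chain drop_in {{
    type filter hook input priority -10; policy accept;
    ip saddr @drop4 drop
  }}
  chain drop_out {{
    type filter hook output priority -10; policy accept;
    ip daddr @drop4 drop
  }}
}}
"""

if __name__ == "__main__":
    print(render_nft(parse_drop(SAMPLE_DROP)[0]))
```

The input and output hooks suit a firewall onboard the mail server; a perimeter device would apply the same two matches in a forward-hook chain instead.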