[184666] in North American Network Operators' Group
Re: IP-Echelon Compliance
daemon@ATHENA.MIT.EDU (Stephen Satchell)
Wed Oct 14 07:22:05 2015
X-Original-To: nanog@nanog.org
To: nanog@nanog.org
From: Stephen Satchell <list@satchell.net>
Date: Wed, 14 Oct 2015 04:22:01 -0700
In-Reply-To: <20151014103756.GA12883@gsp.org>
Errors-To: nanog-bounces@nanog.org
On 10/14/2015 03:37 AM, Rich Kulawiec wrote:
> On Wed, Oct 14, 2015 at 12:12:29PM +0200, Randy Bush wrote:
>> jeezus folk!
>>
>> http://www.procmail.org/
>
> I wouldn't necessarily recommend that approach. There is no obligation
> for victims of spammers to continue providing Internet services to them,
> including SMTP services. A much better move would be to identify the
> network block emitting this abuse and block/drop all packets from it at
> the perimeter of the network or in the firewall(s). After all, spammers
> frequently engage in other forms of abuse, so it would probably be best
> to simply remove them from your view of the Internet.
>
> ---rsk
>
+1 -- I've taken the approach in my edge network to block spammers and
SSH abusers completely, on the theory that people will have multiple bad
habits. I collect between 1000 and 2000 spam messages during each
cycle, then add the worst offenders to my netblocks. I don't recommend
this approach for services that have a number of different customers;
for enterprise networks, though, judicious use of ACLs can relieve a lot
of headaches and clogging traffic.
Running multiple mail servers, one for incoming sales and one for
general use, lets you tailor the blocks so that relatively few people
have to deal with the sludge.
