I am getting a lot of spam on my accounts from overseas IP addresses. I have been researching some ways to block all non-USA IPs and have found the following;
The problem I am having is that none of these actually block incoming IPs via email (unless of course I have just not found the right article yet that explains it the right way).
I am looking for a way to block all non US IPs from sending emails, any suggestions?
A big percentage of spam sources come from the USA, so blocking other regions doesn't solve your problem at all.
Your accounts are getting hacked (brute force, virus) and sending SPAM?
Your mailserver is getting bombarded with tons of SPAM?
It's not tons of spam, it's maybe 10 a day coming into my accounts (not out), but all IPs are from outside the US, so blocking all non-US IPs will solve my problem for now.
What is amazing? Do you have a suggestion to block a list of IPs from sending emails to my system?
Never mind, just had an epiphany: instead of blocking a lot of useful IPs from my server, I will tighten down spam filters, since the spam I am getting is spoofing the From field. Thanks for the help.
That might be preferable to blacklisting ~95% of the world's population.
Have you looked at RBLs?
I have not, do you have any suggestions?
I have the same issue and since most people will tell you that their SPAM comes from the US and not overseas, and that everybody in Korea is a saint, and nobody in Russia is trying to brute force me right now...
OK anyway back to reality. The internet is hostile. You can block whoever you want. Ignore the hippies that tell you that you are a bad person because you want to block the world.
Just remember, that you WILL block people you shouldn't. For example, some of your friends in North Washington might actually show up on Canadian IP addresses.
OK so anyway you need to think about this backwards. (sign of a good sysadmin)
Why block the world? Just block everything by default, and only allow the IPs you want. You can do this with a shell script, I wrote mine in like 5 minutes while drunk so... All I do is just toss every IP address in the US into a file, and poke a hole to my server on port 25 only from those IPs.
Basic firewall fundamentals right? It's easier to block the world, and allow only what you want, than to allow the world and only block a few people.
And no, I'm not gonna write the shell script for you or post mine. I will point you to DNSstuff where you can easily get a list of all the IPs assigned to each country.
Hopefully you are running Zimbra on Linux so you can use IPTables.
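The default-deny approach described in the post above, as an added example that is not the poster's script or part of the original thread: it validates a file of allowed networks and prints the rules for review rather than applying them. It assumes `ipset` is available alongside iptables; the set name `smtp_allow` is hypothetical and the sample networks are constructed documentation ranges, not real country data.

```shell
#!/bin/sh
# Added example: default-deny inbound SMTP, allowing only listed networks.
SET_NAME=smtp_allow   # hypothetical set name

# Succeeds only if $1 is a well-formed IPv4 CIDR such as 192.0.2.0/24.
valid_cidr() {
    case "$1" in
        ''|*[!0-9./]*|*/*/*) return 1 ;;   # empty, stray chars, two slashes
        */*) ;;                             # exactly one slash: keep checking
        *) return 1 ;;                      # no prefix length
    esac
    addr=${1%/*}; len=${1#*/}
    case "$len" in ''|*[!0-9]*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.
    set -- $addr                            # split the address into octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ "$octet" -le 255 ] || return 1
    done
}

# stdin: one CIDR per line ('#' starts a comment). stdout: `ipset restore` input.
gen_ipset_restore() {
    echo "create $SET_NAME hash:net family inet"
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s' "${line%%#*}" | tr -d ' \t\r')
        [ -n "$line" ] || continue
        if valid_cidr "$line"; then
            echo "add $SET_NAME $line"
        else
            echo "skipping invalid entry: $line" >&2   # never load bad input
        fi
    done
}

# Allow port 25 from the set, then drop every other source (order matters).
gen_iptables_rules() {
    echo "iptables -A INPUT -p tcp --dport 25 -m set --match-set $SET_NAME src -j ACCEPT"
    echo "iptables -A INPUT -p tcp --dport 25 -j DROP"
}

# Constructed sample list (RFC 5737 documentation ranges).
sample_cidrs() {
    printf '%s\n' '# constructed sample' '192.0.2.0/24' \
        '198.51.100.0/24  # trailing comment' '203.0.113.0/33' 'not-a-cidr' '203.0.113.0/24'
}

sample_cidrs | gen_ipset_restore && gen_iptables_rules
```

Malformed entries are reported on stderr and left out of the set, so a bad line in the country list cannot silently widen or break the allowlist.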
Search Google and these forums for Zimbra and RBLs