OpenBSD Journal

  Re: Passive Aggressive Spam Filtering (mod 2/30)
by Anthony (2001:470:81c2:200:207:e9ff:fe39:24e8) on Sat Jul 18 14:22:17 2009 (GMT)
  > An idea came to me after reading this article; another way to handle this would be to pull in a bunch of fairly aggressive blocklists (not worry about false positives), greylist addresses on those lists, and pass the others... Constructing the tables and PF ruleset is left as an exercise to the reader :-)

That's exactly what I do. Even the aggressive ones with big netblocks aren't that big a deal when all they get is greylisted.

pfctl -t rbl -T replace -f /tmp/concated_lists

This removes IPs that aren't in the file anymore, and adds new ones that are. All it needs is a newline-delimited file. I recommend the AMD64 port; i386 is limited to 768 MB of kernel memory and AMD64 is 4 gigs. That'll get you 15+ million table entries, which goes a long way when some of them are big prefixes from aggressive lists.
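Added example, not part of the comment above and not code from its author: one way to build the newline-delimited file for the `pfctl -t rbl -T replace` step from several downloaded lists. It assumes IPv4-only lists that use `#` or `;` for comments; the function names and the `PFCTL` override variable are hypothetical.

```shell
#!/bin/sh
# merge_lists FILE...: print one IPv4 address or CIDR prefix per line,
# dropping comments, blank lines, malformed entries and duplicates.
merge_lists() {
    cat -- "$@" |
    sed -e 's/[#;].*$//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' |
    awk '
        function valid(s,   p, o, n, i) {
            n = split(s, p, "/")
            if (n > 2) return 0
            # prefix length, when present, must be 0..32
            if (n == 2 && (p[2] !~ /^[0-9]+$/ || p[2] + 0 > 32)) return 0
            if (split(p[1], o, "[.]") != 4) return 0
            for (i = 1; i <= 4; i++)
                if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) return 0
            return 1
        }
        $0 != "" && valid($0) && !seen[$0]++
    '
}

# refresh_rbl OUT FILE...: write the merged list to OUT, then load it.
# replace makes the table match the file exactly, so an empty result
# (for example after a failed download) would empty the table: refuse it.
refresh_rbl() {
    out=$1; shift
    tmp=$(mktemp "${out}.XXXXXX") || return 1
    merge_lists "$@" > "$tmp"
    if [ ! -s "$tmp" ]; then
        echo "refusing to load an empty list into table rbl" >&2
        rm -f "$tmp"
        return 1
    fi
    # PFCTL is a hypothetical override so the script can be dry-run
    # on a machine without pf (e.g. PFCTL=echo).
    mv "$tmp" "$out" &&
    ${PFCTL:-pfctl} -t rbl -T replace -f "$out"
}

# Usage (paths are placeholders):
#   refresh_rbl /tmp/concated_lists /var/db/lists/*.txt
```
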
