Any pfSense users running pfBlocker for Spam Control?

Author	All Replies
Noah Vail Son made my Avatar Premium join:2004-12-10 Lorton, VA kudos:1 Reviews: ·Bright House ·Sprint Mobile Br.. 1 edit	Any pfSense users running pfBlocker for Spam Control? If you're using the new pfBlocker package for spam control; one of the mods is kindly hosting updated spam lists on his repo site. The site is here: »e-sac.siteseguro.ws/pfBlocker/lists/ If there's interest, I'll post back w/ more info about them. -- Adopting other people's animosity is The New Stupid.
	to forum · permalink · 2012-01-21 23:29:57 ·
EUS Kill cancer Premium join:2002-09-10 canada	Since you still have 0 responses I'll answer, nope. I leave spam control to my email server. -- ~ Project Hope ~
	to forum · permalink · 2012-01-23 10:55:52 ·
XCOM digitalnUll Premium join:2002-06-10 Spring, TX	reply to Noah Vail I am interested. I am using pfsense and pfBlocker. Thanks. -- [nUll@dcypher ~]$
	to forum · permalink · 2012-01-23 11:28:41 ·
Noah Vail Son made my Avatar Premium join:2004-12-10 Lorton, VA kudos:1 Reviews: ·Bright House ·Sprint Mobile Br..	reply to EUS said by EUS: Since you still have 0 responses I'll answer, nope. I leave spam control to my email server. Ohh. A response! I'm curious to know what technique you're using for spam blocking. and.. I'd like to share my conversion story. I'd been long using my mailserver for DNS/SURBL. A year ago I figured out it was performing 100k blacklist checks each week. It was keeping my mail and DNS servers busy. So I shifted the load to my firewall and started blocking with Country Block and IPBlocker. It really cut down on the server resources. My noisy server CPU fans went quiet and mostly stayed there. Here's last week's screen cap showing 20 hours of blocked spams attempts. The 2 numbers in red are from the lists in my OP. The firewall is running on a P4 and it's resource use is minimal. My more powerful mail server would have a tougher time w/ the same load. -- Adopting other people's animosity is The New Stupid.
	to forum · permalink · 2012-01-23 11:38:55 ·
EUS Kill cancer Premium join:2002-09-10 canada Reviews: ·voip.ms	Pfsense resides on a PIII box, nothing else is done on that box. On a separate machine I am running pdns and pdns-recursive for dns. On that same box is my mail server, and in terms of loads so far so good. The mail server is running postfix/courier/mysql/amavis. Apart from the amavis package, I have a couple of entries in postfix itself for blacklist lookups, and (thanks to greysonf for the know-how), I have entered country blocking in postfix config as well. The last tool I use is fail2ban, which is extremely good for ip-banning for those trying to brute force ssh, which in my case is silly, as keys are required to open an ssh session. I've tunneled ftp through ssh as well, so keys are also required for ftp sessions. -- ~ Project Hope ~
	to forum · permalink · 2012-01-23 12:01:03 ·
XCOM digitalnUll Premium join:2002-06-10 Spring, TX	I like to keep things simple and effective. If it can all be blocked at the border than by all means it will be done -- [nUll@dcypher ~]$
	to forum · permalink · 2012-01-23 12:05:47 ·
Noah Vail Son made my Avatar Premium join:2004-12-10 Lorton, VA kudos:1 Reviews: ·Bright House ·Sprint Mobile Br..	said by XCOM: I like to keep things simple and effective. If it can all be blocked at the border than by all means it will be done. One IP currently receives 25k-30k spam delivery attempts each day. The thing is, it's one domain w/ maybe 8 email accounts in use. It's ridiculous. The image I posted earlier shows the most spams are taken out by the CorpSpam list. It's populated w/ 'legit' companies who 'spamvertise' via opt-out lists. That list targets companies like Constant Contact, LinkedIn, PlentyOfFish, FTD and the marketers who spam for TravelDeal sites. Some people want some of those mails. That separate list makes it easier to allow that traffic. The pfCustomSpamList focuses on US spammers. There are some countries I need to receive email from and their spammers are in there too. Non-US ranges are documented. Eventually they'll be rolled into their own list. The lists have been a year in making; and are updated at least every week. It's a one-man operation. FYI: I live-load a comprehensive Bogon list directly from CountryIPBlocks. They update it several times a week because there's still some volatility in IPv4 address allocations. https://www.countryipblocks.net/e_country_data/XA_cidr.txt Some admins are leery that CountryIPBlocks can keep their bogon list properly updated. I have complete confidence in them. -- Adopting other people's animosity is The New Stupid.
	to forum · permalink · 2012-01-23 21:50:33 ·
Noah Vail Son made my Avatar Premium join:2004-12-10 Lorton, VA kudos:1 Reviews: ·Bright House ·Sprint Mobile Br..	reply to EUS said by EUS: Pfsense resides on a PIII box, nothing else is done on that box. On a separate machine I am running pdns and pdns-recursive for dns. On that same box is my mail server, and in terms of loads so far so good. I have entered country blocking in postfix config as well. The last tool I use is fail2ban, which is extremely good for ip-banning for those trying to brute force ssh... Only you could know if moving your blocking to the edge could improve on what you have. But if you do, I'd guess your PIII will handle it just fine. I have a 1GHz 384MB PIII deployed, that's running pfBlocker w/ minimal resource use. I only ever use lists that are in CIDR format, so pfBlocker doesn't have any conversion overhead. -- Adopting other people's animosity is The New Stupid.
	to forum · permalink · 2012-01-23 22:17:11 ·

OS and Software > All Things Unix > Any pfSense users running pfBlocker for Spam Control?