Milter-greylist

On Mon, Oct 12, 2009 at 11:17:27AM -0000, d d wrote:
> Dropping the following in firewall:
> 
> 187.0.0.0/8

Not all of that is in Brazil, for example:
187.160/12 is routed to Mexico.

And others will be routed to other South or Latin America countries,
as those are LACNIC networks (LACNIC = Latin and Caribbean NIC)

> 189.0.0.0/8
> 200.0.0.0/8
> 201.0.0.0/8
You can skip one line by using 200.0.0.0/7 ;-)

> 
> eliminated 80% of SPAM connections. I have no business in Brasil or from Brasil, so I will keep these iptables rules. These are nasty spam depots, blocking class C's did not help at all since they tried to send the same email from different /16's -- and even /8's.

I know what you mean, looking at my spam stats, I see that Brazil is one
of the top sources of spam.

But I don't block completely on IP level, I use country-based DNS blacklists
instead, in this case: br.countries.nerd.dk .
I never had a false positive with the blacklists under .countries.nerd.dk.

> Is this the right way?
Not really, as you're blocking not only Brazil.
And you're are probably also not blocking all of Brazil, there may be more
assignments.

> I don't really care. Works for me. Sorry for friends in Brasil.
It's always your choice ;-)
But why do you ask, if you don't care?

-- 
Ralf 'Snake' Gebhart