Hi,

I use Barracuda Spam Filter (Barracude ESG) as my spam-firewall for one of my customers.
It does good job but one of their e-mail's was used for communication with China based client. Since then we receive hundreds spam e-mails per day only for this used e-mail. We do not receive e-mails to admin@..., postamster@...., office@... or any other easy to guess addresses. Just for this one.
Trying different settings for ESG but there was no "wow" effect.
Today I decided to look for China's IP ranges and block it at router's level and block all SMTP traffic from these addresses.
We have no clients in Chine so I do not harm our business. I have impleneted it circa at 11 am. Look at THE EFFECT.

RED IS BAD

Nice out of the box thinking!

I'm disappointed at the crappy level of service you provided to your clients until you implemented proper country blocking ;-p
Just kidding, nice touch!!

Almost 24 hours later

Edit ... blocked at RAW firewall level

Bartosz, country blocking is one of the many value added security prongs in the MOAB service that one of our forum folk provides for his clients and recently made available to all.
You should check it out.
viewtopic.php?t=137632

Can you please add a post with your blocking rules and ip address list for this solution.

Thank you for your time.

@anav:

Barracuda ESG does good job .. it filters most of spam from China ... most means 99% ... but I was tired skipping whole pages of "dropped/blocked" entries and decided to not allow such e-mails to reach ESG

@Xtreamer:

Please check attachment. It is part of a bigger set of rules so you must to tailor it to your nedds as we have more than one WAN interface, more rules adding to RAWATTACK address list etc. These lines in the attachment are crucial ones

Thank you BartoszP.

Can you please add a post with your blocking rules and ip address list for this solution.

Thank you for your time.

Here's my process to create a US-based network address list for geofencing. You may wish to name your address list differently of course.

1. Copy the US-based address list here to N++.
2. Prepend "add list=US address=" to each subnet (in notepad++ do regex search for ^ replace with "add list=US address=", or use the TextFX plugin to insert a clipboard value to the beginning of each line)
3. Add "/ip firewall address-list" as the first line of the file.
4. Save the file and copy it to the router.
5. Open a terminal window and type "import <filename>".

Use the address list as desired in the firewall rules.

I use N++ with it's regular expression search+replace/replace all option.