Spam filtering - how to improve my antispam system
Posted: Sun Jan 06, 2019 10:40 pm
by BartoszP
Hi,
I use Barracuda Spam Filter (Barracuda ESG) as my spam-firewall for one of my customers.
It does a good job, but one of their e-mails was used for communication with a China-based client. Since then we receive hundreds of spam e-mails per day only for this used e-mail. We do not receive e-mails to admin@..., postmaster@...., office@... or any other easy-to-guess addresses. Just for this one.
I tried different settings for ESG but there was no "wow" effect.
Today I decided to look for China's IP ranges and block them at the router's level and block all SMTP traffic from these addresses.
We have no clients in China so I do not harm our business. I implemented it at circa 11 am. Look at THE EFFECT.
RED IS BAD
Re: Spam filtering - how to improve my antispam system
Posted: Mon Jan 07, 2019 1:04 am
by sebastia
Nice out of the box thinking!
Re: Spam filtering - how to improve my antispam system
Posted: Mon Jan 07, 2019 5:30 am
by anav
I'm disappointed at the crappy level of service you provided to your clients until you implemented proper country blocking ;-p
Just kidding, nice touch!!
Re: Spam filtering - how to improve my antispam system
Posted: Mon Jan 07, 2019 10:35 am
by BartoszP
Almost 24 hours later
Edit ... blocked at RAW firewall level
Chiny4.PNG
Re: Spam filtering - how to improve my antispam system
Posted: Mon Jan 07, 2019 3:55 pm
by anav
Bartosz, country blocking is one of the many value added security prongs in the MOAB service that one of our forum folk provides for his clients and recently made available to all.
You should check it out.
viewtopic.php?t=137632
Re: Spam filtering - how to improve my antispam system
Posted: Wed Jan 09, 2019 7:46 pm
by Xtremer
Can you please add a post with your blocking rules and IP address list for this solution?
Thank you for your time.
Re: Spam filtering - how to improve my antispam system
Posted: Wed Jan 09, 2019 8:14 pm
by BartoszP
@anav:
Barracuda ESG does a good job .. it filters most of the spam from China ... most means 99% ... but I was tired of skipping whole pages of "dropped/blocked" entries and decided not to allow such e-mails to reach ESG.
@Xtremer:
Please check the attachment. It is part of a bigger set of rules, so you must tailor it to your needs, as we have more than one WAN interface, more rules adding to the RAWATTACK address list etc. These lines in the attachment are the crucial ones.
Re: Spam filtering - how to improve my antispam system
Posted: Wed Jan 09, 2019 9:28 pm
by Xtremer
Thank you BartoszP.
Re: Spam filtering - how to improve my antispam system
Posted: Wed Jan 09, 2019 10:14 pm
by tippenring
Can you please add a post with your blocking rules and IP address list for this solution?
Thank you for your time.
Here's my process to create a US-based network address list for geofencing. You may wish to name your address list differently of course.
1. Copy the US-based address list here to N++.
2. Prepend "add list=US address=" to each subnet (in notepad++ do regex search for ^ replace with "add list=US address=", or use the TextFX plugin to insert a clipboard value to the beginning of each line)
3. Add "/ip firewall address-list" as the first line of the file.
4. Save the file and copy it to the router.
5. Open a terminal window and type "import <filename>".
Use the address list as desired in the firewall rules.
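Steps 2 to 4 above can also be scripted. The following is an added example, not code from this thread: it assumes the downloaded list has one subnet per line, and the function name, list name and sample subnets (RFC 5737 documentation ranges) are made up for illustration. It validates each entry before it goes into a file that the router will import.

```python
import ipaddress
import re

# Constructed sample input: one subnet per line, as pasted from a list.
SAMPLE = """\
# constructed sample, RFC 5737 documentation ranges
192.0.2.0/24
198.51.100.77/24
203.0.113.0/24

192.0.2.0/24
not-a-subnet
2001:db8::/32
"""

def build_address_list_script(lines, list_name="US"):
    """Return (RouterOS import script text, rejected entries)."""
    # The list name is written into a script the router executes,
    # so only accept a plain token here.
    if not re.fullmatch(r"[A-Za-z0-9_-]+", list_name):
        raise ValueError(f"unsafe list name: {list_name!r}")
    out = ["/ip firewall address-list"]       # step 3: header line
    seen, rejected = set(), []
    for lineno, raw in enumerate(lines, 1):
        entry = raw.split("#", 1)[0].strip()  # drop comments and blanks
        if not entry:
            continue
        try:
            # strict=False normalises host bits: .77/24 becomes .0/24
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            rejected.append((lineno, entry))
            continue
        if net.version != 4:                  # /ip lists hold IPv4 only
            rejected.append((lineno, entry))
            continue
        if net in seen:                       # skip duplicate subnets
            continue
        seen.add(net)
        out.append(f"add list={list_name} address={net}")  # step 2
    return "\n".join(out) + "\n", rejected

if __name__ == "__main__":
    script, rejected = build_address_list_script(SAMPLE.splitlines())
    print(script, end="")                     # redirect to a file (step 4)
    for lineno, entry in rejected:
        print(f"# rejected line {lineno}: {entry}")
```

Review the rejected entries before importing, since a silently dropped subnet leaves a gap in the geofence.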
Re: Spam filtering - how to improve my antispam system
Posted: Thu Jan 10, 2019 10:34 am
by BartoszP
I use N++ with its regular expression search+replace/replace all option.