From: dale's l. a. <li...@be...> - 2002-09-18 19:26:37
|
Hi, On Wednesday, September 18, 2002, at 05:56 AM, Larry Gilson wrote: [snip] > > Your other option here is to use the smtpd access controls provided with > most MTAs. Access is generally provided for helo greeting (checks to make > sure the sending host is in FQND format), client IP address, reject/ok > recipient, and reject/ok sender. I found that I need to block large > address > ranges for Asia Pacific IP addresses. But what happens when they or others > relay? They will usually fail the helo/ehlo test or recipient test. My > humble opinion is that you will be more pleased to use smtp controls than > to > keep supplying SMTP/all service deny rules in the firewall. I do have pretty good tools in my MTA, I was thinking that doing it at a firewall level might be better/faster. > Also keep in mind that the larger the list of rules your firewall maintains > means reduced performance. Most MTAs will use a hashed database for better > lookup performance. This may not be as important for a home network but > then you might want to consider granularity of control. Just a few thousand emails per day on my mail server right now. I guess I will stick with it for this particular blocking purpose. Probably still a good idea to learn more about IPtables anyway :) > --Larry Thanks for the reply and suggestions Dale |