On 10/14/2015 03:37 AM, Rich Kulawiec wrote:
On Wed, Oct 14, 2015 at 12:12:29PM +0200, Randy Bush wrote:
jeezus folk!
I wouldn't necessarily recommend that approach. There is no obligation for victims of spammers to continue providing Internet services to them, including SMTP services. A much better move would be to identify the network block emitting this abuse and block/drop all packets from it at the perimeter of the network or in the firewall(s). After all, spammers frequently engage in other forms of abuse, so it would probably be best to simply remove them from your view of the Internet.
---rsk
+1 -- I've taken the approach in my edge network to block spammers and SSH abusers completely, on the theory that people will have multiple bad habits. I collect between 1000 and 2000 spam messages during each cycle, then add the worst offenders to my netblocks. I don't recommend this approach for services that have a number of different customers; for enterprise networks, though, judicious use of ACLs can relieve a lot of headaches and clogging traffic. Running multiple mail servers, one for incoming sales and one for general use, lets you tailor the blocks so that relatively few people have to deal with the sludge.