On Thu, Dec 23, 2004 at 03:57:56PM +0000, Earle Martin wrote:
> http://openguides.org/dev/?node=Wiki%20Greylisting
>
> Dave, perhaps you might like to elucidate on the basics of BGP for those of
> us who aren't familiar with it.

Yes, and a correction to your image too :-)
BGP (Border Gateway Protocol) is what ISPs use to figure out how to
route a packet from one host to another half way round the world. It
works by ISPs "announcing" that they can route to (eg) all hosts in
NETMASK/BITS. eg, 212.58.224.111 is a BBC web server. Auntie
announces a route to 212.58.224.0/19. That notation means "the netblock
which contains IP 212.58.224.0 and all other IPs which have the same
first 19 bits". Obviously, the smaller the number of leading bits a
block shares, the larger the block.
The idea is that when a wikiadmin sees some spam, they would look at a
view of the routing table (I have a script which does this using
route-views.org's very nice DNS-ish view of the routing table at the
University of Oregon) to see what netblock was being announced that
contained the spammer's IP, and would greylist the entire block [Earle -
it might be bigger or smaller than a /20]. They would also BLACKlist
the spammer's /24 or, if the netblock is smaller than /24, blacklist just
that smaller block.
We blacklist a /24 as well as greylisting a larger block for reasons of
route aggregation, ISPs being spam-friendly, and so on. I can explain
in great detail and at great length over a beer ;-)
I have a script which I use for this sort of stuff, contact me off-list
if you want a copy.
It's very important to note that no blacklisting or greylisting should
happen without an admin's say-so. Although I would very strongly
recommend blacklisting all the networks at:
http://www.spamhaus.org/drop/drop.lasso
(explanation at
http://www.spamhaus.org/drop/)
and at least greylisting (but preferably blacklisting) all of:
http://www.okean.com/sinokoreacidr.txt
(explanation at
http://www.okean.com/asianspamblocks.html)
FWIW, I have all of those netblocks blacklisted (plus several others)
in my mail sewer config, and there is no noticeable performance hit.
--
David Cantrell | Reality Engineer, Ministry of Information
It requires zero configuration once you're configured properly
-- pudge, talking about Rendezvous (zeroconf) in Jagwyre
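
The listing rule described in the message above, as an added example (not the script the author mentions, and not part of the original message). The announcement table is a constructed stand-in for a routing-table view, and the function names and the longest-prefix choice for overlapping announcements are assumptions. IPv4 only.

```python
import ipaddress

# Constructed sample of announced prefixes, standing in for a routing-table
# view. 212.58.224.0/19 is the example from the message; the others are made
# up from reserved test ranges.
SAMPLE_ANNOUNCEMENTS = [
    "212.58.224.0/19",
    "198.18.0.0/15",
    "198.18.64.0/20",
    "203.0.113.128/26",
]


def announced_block(ip, announcements):
    """Return the most specific announced IPv4 prefix containing ip, or None."""
    addr = ipaddress.IPv4Address(ip)
    covering = [
        net
        for net in (ipaddress.IPv4Network(a) for a in announcements)
        if addr in net
    ]
    # Assumption: when announcements overlap, take the longest prefix,
    # as a router would when forwarding.
    return max(covering, key=lambda n: n.prefixlen, default=None)


def propose_listing(ip, announcements):
    """Propose (greylist, blacklist) networks for an admin to approve.

    Nothing is applied here; the result is only a suggestion.
    """
    block = announced_block(ip, announcements)
    if block is None:
        return None  # no covering announcement, so nothing to propose
    if block.prefixlen >= 24:
        # Announced block is a /24 or smaller: blacklist just that block.
        blacklist = block
    else:
        # Larger block: blacklist only the /24 around the offending address.
        blacklist = ipaddress.IPv4Network(f"{ip}/24", strict=False)
    return block, blacklist


if __name__ == "__main__":
    for ip in ("212.58.224.111", "198.18.70.9", "203.0.113.150", "192.0.2.1"):
        print(ip, propose_listing(ip, SAMPLE_ANNOUNCEMENTS))
```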