23
Condor
4y

Often I hear that one should block spam email based on content match rather than IP match. Sometimes even that blocking Chinese ranges in particular is prejudiced and racist. Allow me to debunk that after I've been looking at traffic on port 25 with tcpdump for several weeks now, and got rid of most of my incoming spam too.

There are these spamhausen that communicate with my mail server as much as every minute.
- biz-smtp.com
- mailing-expert.com
- smtp-shop.com

All of them are Chinese. They make up - rough guess - around 90% of the traffic that hits my edge nodes, if not more.

The network ranges I've blocked are apparently as follows:
- 193.106.175.0/24 (Russia)
- 49.64.0.0/11 (China)
- 181.39.88.172 (Ecuador)
- 188.130.160.216 (Russia)
- 106.75.144.0/20 (China)
- 183.227.0.0/16 (China)
- 106.75.32.0/19 (China)
.. apparently I blocked that one twice, heh
- 116.16.0.0/12 (China)
- 123.58.160.0/19 (China)

It's not all China but holy hell, a lot of spam sure comes from there, given how Golden Shield supposedly blocks internet access to the Chinese citizens. A friend of mine who lives in China (how he got past the firewall is beyond me, and he won't tell me either) told me that while incoming information is "regulated", they don't give half a shit about outgoing traffic to foreign countries. Hence all those shitty filter bag suppliers and whatnot. The Chinese government doesn't care.

So what is the alternative like, that would block based on content? Well there are a few solutions out there, namely SpamAssassin, ClamAV and Amavis among others. The problem is that they're all very memory intensive (especially compared to e.g. Postfix and Dovecot themselves) and that they must scan every email, and keep up with evasion techniques (such as putting the content in an image, or using characters from different character sets t̾h̾a̾t̾ ̾l̾o̾o̾k̾ ̾s̾i̾m̾i̾l̾a̾r̾).

But the thing is, all of that traffic comes from a certain few offending IP ranges, and an iptables rule that covers a whole range is very cheap. China (or any country for that matter) has too many IP ranges to block all of them. But the certain few offending IP ranges? I'll take a cheap IP-based filter over expensive content-based filters any day. And I don't want to be shamed for that.
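The cheap range filter the post describes, as an added example (not the author's own setup): it parses the ranges listed above, collapses duplicates and overlaps into one rule each, renders the corresponding iptables DROP rules for port 25 without applying them, and shows the per-connection check that replaces content scanning. The duplicated /19 entry mirrors the author's remark about blocking one range twice.

```python
import ipaddress

# Ranges exactly as listed in the post; the country annotation becomes a rule comment.
BLOCKED_RANGES = [
    "193.106.175.0/24 (Russia)",
    "49.64.0.0/11 (China)",
    "181.39.88.172 (Ecuador)",
    "188.130.160.216 (Russia)",
    "106.75.144.0/20 (China)",
    "183.227.0.0/16 (China)",
    "106.75.32.0/19 (China)",
    "106.75.32.0/19 (China)",   # listed twice in the post; collapsed to one rule below
    "116.16.0.0/12 (China)",
    "123.58.160.0/19 (China)",
]


def parse_ranges(entries):
    """Turn 'CIDR (Country)' strings into {network: label}; a bare IP becomes a /32."""
    parsed = {}
    for entry in entries:
        cidr, _, label = entry.partition(" ")
        net = ipaddress.ip_network(cidr, strict=False)
        parsed[net] = label.strip("() ")
    return parsed


def collapse(parsed):
    """Merge duplicate, adjacent and overlapping prefixes so each range costs one rule."""
    return list(ipaddress.collapse_addresses(parsed))


def iptables_rules(parsed, port=25):
    """Render one inbound SMTP DROP rule per collapsed prefix (apply as root if wanted)."""
    rules = []
    for net in collapse(parsed):
        label = parsed.get(net, "merged")  # label is lost only if prefixes were merged
        rules.append(f'iptables -A INPUT -p tcp --dport {port} -s {net.with_prefixlen} '
                     f'-m comment --comment "{label}" -j DROP')
    return rules


def is_blocked(ip, networks):
    """The cheap per-connection decision: a few prefix comparisons, no payload inspection."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in networks)


if __name__ == "__main__":
    parsed = parse_ranges(BLOCKED_RANGES)
    print("\n".join(iptables_rules(parsed)))
    nets = collapse(parsed)
    print(is_blocked("106.75.150.1", nets), is_blocked("8.8.8.8", nets))
```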

Comments
  • 12
    I've never heard as something specific like IP blocking some IPs as "prejudiced and racist".
  • 3
    @N00bPancakes consider yourself lucky :)
  • 8
    If that's racist, I'm worse than you.
    I just hit "block country x" and walk away, blocking IP I'll only do if it's a persistent IP that doesn't get picked up by the umbrella blocks.

    It's nothing more than blocking unwanted and unnecessary traffic to a service that's not intended for anyone in such locations.
  • 4
    I consider country blocks completely normal 😅
  • 7
    Statistics aren’t racist 🤷🏻‍♀️

    If you don’t know anyone in China, you probably don’t want email from there. Block them. Especially if it includes a spam factory or three.
  • 2
    @Root
    Statistics are "biased." Grandpa is racist.
  • 3
    Not racist at all, why we mix politics in with computers is beyond me, I hate everyone equally