Only individuals, companies, or internet service providers who manage their own routers or
firewalls are able to use the method documented below to filter packet traffic with SPEWS.
Filtering TCP/IP packets using any blocklisting data is considered a bit controversial
by some; in fact, very few SPEWS users implement this level of rejection. The
reason is that when traffic is denied at the packet level, the listed site being
rejected is, in most cases, unaware this is occurring and sees the lack of a connection as
"network trouble." Unlike the bouncing back of an email with a message from a mailserver's
spam filter system, there is usually no feedback to the listed site as to the reason for this
trouble. (Note: OpenBSD's spamd can give one the best of both worlds.)
At this time, SPEWS will just present this option as something one might consider as long
as the consequences are known. As with all private networks, one has the right to accept
or reject traffic from anyone or any place one chooses, and if this is what a small,
bandwidth-limited network needs to do, it can be done.
Someone wanting to use this method should have a good working knowledge of how to set up
routers, hardware/software based firewalls and system level packet filters. Here are some links
one may want to read on this subject; the actual implementation will be left to the end user:
An interesting snippet of shell scripting to build IPCHAINS files was recently presented in a
Usenet message sig:
OpenBSD users should check out pf, the OpenBSD Packet Filter
(or pf combined with relaydb).
Solaris and other system users may find its technology and this presentation interesting.
(slide 1 / slide 2)
Starting with OpenBSD 3.3, SMTP packet level filtering using SPEWS is built into the system by
means of "spamd" - a spam deferral daemon, which SMTP
connections can be redirected to. This daemon handles connections based on black lists and white lists,
tar-pits the connections, and ensures that the spammer knows why their mail has not been accepted.
Files that list the SPEWS data in an IP range format can be found here:
Level 1 data and here: Level 2 data.
These files can also be downloaded in a much smaller and CRC'd "bzip" compressed format here: Level 1 data
or here: Level 2 data or at
spfilter.sourceforge.net.
How often should one download these? Once or twice a day for most users. If you wish to do
hourly downloads (shorter periods than that yield nothing and waste bandwidth), please fetch
the compressed format versions.
SPFilter provides the same data in other formats which
can be used to create router/firewall and MTA deny tables.
Please read the differences between the two levels of SPEWS listings at the SPEWS FAQ
page. Using only Level 1 is highly recommended if one wants to packet reject. In the future, files
representing SPEWS data in "IPCHAINS" and other router/firewall deny table formats should be available,
but for now one will need to build one's own.
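
One way to build such a deny table from a bzip2-compressed range file, shown as an added example that is not SPEWS or SPFilter code. It assumes one CIDR block or "start - end" range per line with "#" comments (adjust parse_entry() to the real file layout); the sample data and the MIN_PREFIX guard are constructed for illustration.

```python
import bz2
import ipaddress

# Constructed sample in an ASSUMED layout: one CIDR block or "start - end"
# range per line, '#' starts a comment. Adjust parse_entry() to the real file.
SAMPLE = b"""\
# constructed sample, documentation addresses only
192.0.2.0/25      # hypothetical listing note
192.0.2.128/25
198.51.100.16 - 198.51.100.31
203.0.113.7
0.0.0.0/0
not-an-address
"""

MIN_PREFIX = 8  # assumption: refuse any entry broader than a /8

def parse_entry(text):
    """Return the IPv4 networks covered by one entry."""
    if "-" in text:
        first, last = (ipaddress.IPv4Address(p.strip()) for p in text.split("-", 1))
        return list(ipaddress.summarize_address_range(first, last))
    return [ipaddress.IPv4Network(text, strict=True)]

def build_deny_table(compressed):
    """Decompress a list, validate every line, return (cidrs, rejected)."""
    # bz2 checks the stream's CRC and raises on a corrupt or truncated download.
    raw = bz2.decompress(compressed).decode("ascii", errors="replace")
    nets, rejected = [], []
    for lineno, line in enumerate(raw.splitlines(), 1):
        entry = line.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            parsed = parse_entry(entry)
        except ValueError:
            rejected.append((lineno, entry, "unparseable"))
            continue
        if any(n.prefixlen < MIN_PREFIX for n in parsed):
            rejected.append((lineno, entry, "too broad"))
            continue
        nets.extend(parsed)
    # Merge adjacent and overlapping blocks to keep the table small.
    return [str(n) for n in ipaddress.collapse_addresses(nets)], rejected

if __name__ == "__main__":
    table, rejected = build_deny_table(bz2.compress(SAMPLE))
    print("\n".join(table), rejected, sep="\n")
```

The returned list is one CIDR block per line, which is the form a pf table file takes. Because packet-level rejection is silent to the listed site, review the rejected list before loading a new table instead of discarding it.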