If you’re getting many connections from one host, or the host is sending lots of spam your way. Then yes filtering the traffic would be given. But basing your filtering on an RBL that includes hosts based on user submissions is something you should re-think. Lots of ISP and small business get on the block very easily.

I sound like a broken record, but I’d rather receive my mail than have it blocked entirely. Before employing SA-Exim and a lot of Exim configuration, I was getting over 150 spam emails a day. Now its 3-4, and thats with a catchall!

All this script does is comb through the logs and find those RBL blocks and go one step further and block them via IP tables so as to stop further email from these IP’s.

BTW, since this article was posted, over 17583 IP bans have been issued. Slowly but surely the amount getting banned is smaller and smaller as the list gets larger.

One thing that works really well is sa-exim:

http://marc.merlins.org/linux/exim/sa.html

It’s runs inside of Exim and scans messages at SMTP time. Which is good for many reasons, you’re not straight out blocking the ISP so it doesn’t look like a network/firewall issue. This is important, because most of the time when there is an issue with mail people will point fingers (and for customers this isn’t fun).

Also, you want to reject mail at SMTP. As you can send a note along with the bounced mail back to the sender.

However, changing your MTA is a big hassle if you’re already using one that you love. Food for thought.