Quote Originally Posted by shakeshuck
westin,

Now that you've forced me to think (never a good idea!), I'm a bit stumped. Realistically (email wise) a potential customer could come from anywhere. I agree that you could probably remove most of Africa, but after that it's a case of separating the wheat from the chaff.

In my case, I'm currently in the UK, but I have email addresses hosted in Australia and the US. I'd have to open port 25 to each of these even though I'm not there (not that the US or Aus are problem areas, but you get the idea). How many potential customers use email systems outside their locality?

I was intending to start with greylisting, but if I read it right anyone that's persistent will still get through.

I'll have to ponder...
I would start by figuring out who does not need to connect, and blocking those first. The main culprits for attacks seem to be China, parts of Africa, North Korea, and former Soviet Republics. Block those if you have no reason for incoming connections from those areas. Also make sure that you run SSH on a non-standard port, and use certificates. Also check into 'denyhosts'. It will allow you to block connections from an address after a specified number of failed login attempts. You can do the same thing with iptables, but denyhosts simplifies the process. Their config file is pretty self-explanatory.
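As an added example (not code from either poster, and not how denyhosts itself is implemented), here is the "block an address after N failed logins" idea from the reply done by hand: a pass over sshd log lines that counts failed password attempts per source address, the iptables commands to drop the offenders, and the pure-iptables "recent" match alternative the reply alludes to. It assumes SSH has already been moved to port 2222 (any non-standard port will do), that the log lines are in the normal OpenSSH "Failed password ... from <ip>" format, and that ALLOW_IPS lists your own admin addresses. The log lines are constructed with documentation addresses, and the function names (offenders, block_rules, rate_limit_rules) are mine.

```shell
#!/bin/sh
# Added example, not from the original post: a denyhosts-style pass over sshd
# log lines plus the iptables rules to act on the result.
# Assumptions: sshd listens on port 2222 (any non-standard port works), the log
# is in the standard OpenSSH "Failed password ... from <ip>" format, and
# ALLOW_IPS holds admin addresses that must never be blocked.

SSH_PORT="${SSH_PORT:-2222}"
ALLOW_IPS="${ALLOW_IPS:-}"

# Constructed sample log lines (RFC 5737 documentation addresses, not real hosts).
SAMPLE_LOG='Mar  3 10:12:01 host sshd[1234]: Failed password for invalid user admin from 203.0.113.5 port 4122 ssh2
Mar  3 10:12:05 host sshd[1234]: Failed password for root from 203.0.113.5 port 4123 ssh2
Mar  3 10:12:09 host sshd[1240]: Failed password for root from 203.0.113.5 port 4124 ssh2
Mar  3 10:13:00 host sshd[1250]: Accepted publickey for alice from 198.51.100.7 port 5000 ssh2
Mar  3 10:13:10 host sshd[1260]: Failed password for alice from 198.51.100.7 port 5001 ssh2
Mar  3 10:14:00 host sshd[1270]: Failed password for invalid user test from 192.0.2.9 port 6000 ssh2
Mar  3 10:14:01 host sshd[1271]: Failed password for invalid user test from 192.0.2.9 port 6001 ssh2
Mar  3 10:14:02 host sshd[1272]: Failed password for invalid user test from 192.0.2.9 port 6002 ssh2
Mar  3 10:14:03 host sshd[1273]: Failed password for invalid user test from 192.0.2.9 port 6003 ssh2'

# offenders THRESHOLD: read sshd log lines on stdin and print "count ip" for
# every source with at least THRESHOLD failed password attempts, highest first.
# Both the "for <user>" and "for invalid user <user>" forms are counted.
offenders() {
    awk -v t="$1" '
        /sshd\[[0-9]+\]: Failed password for / {
            # the source address is the field right after "from"
            for (i = 1; i <= NF; i++) if ($i == "from") { n[$(i + 1)]++; break }
        }
        END { for (ip in n) if (n[ip] >= t) print n[ip], ip }
    ' | sort -rn
}

# is_allowed IP: succeeds when IP is on the admin allow-list.
is_allowed() {
    for a in $ALLOW_IPS; do
        [ "$a" = "$1" ] && return 0
    done
    return 1
}

# block_rules THRESHOLD: print the iptables commands for the offenders.
# Allow-listed addresses are never dropped and get an explicit ACCEPT, printed
# last so that with -I (insert at top) it ends up above the DROPs. This is the
# lock-out guard: a mistyped password from your own workstation must not ban you.
block_rules() {
    offenders "$1" | while read -r count ip; do
        is_allowed "$ip" && continue
        printf 'iptables -I INPUT -s %s -p tcp --dport %s -j DROP\n' "$ip" "$SSH_PORT"
    done
    for a in $ALLOW_IPS; do
        printf 'iptables -I INPUT -s %s -p tcp --dport %s -j ACCEPT\n' "$a" "$SSH_PORT"
    done
}

# rate_limit_rules: the pure-iptables alternative using the "recent" match.
# A source that opens a 4th new SSH connection within 60 seconds is dropped;
# the counter is per source address, so it also catches attempts that never
# reach the log (no log parsing, but no notion of "failed" vs "successful").
rate_limit_rules() {
    printf 'iptables -A INPUT -p tcp --dport %s -m state --state NEW -m recent --set --name SSH\n' "$SSH_PORT"
    printf 'iptables -A INPUT -p tcp --dport %s -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --name SSH -j DROP\n' "$SSH_PORT"
}

# Stand-alone run: show what would be blocked at 3 failures. Nothing is applied;
# review the output, then pipe it to "sudo sh" if it looks right.
if [ "${1:-}" = "--demo" ]; then
    printf '%s\n' "$SAMPLE_LOG" | block_rules 3
    rate_limit_rules
fi
```

Run it as `sh blocklist.sh --demo` to see the generated rules; in practice you would feed it `/var/log/auth.log` (or `journalctl -u ssh`) instead of the sample and put it on a cron job or a log watcher, which is exactly the bookkeeping denyhosts does for you. Two caveats: a rule produced by `-I INPUT` survives only until the next reboot unless you save it (iptables-save or your distribution's persistence package), and the "recent" match counts every new connection from an address, including your own, so keep the allow-list ACCEPT rule above it.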