Topic: monowall to check ip of a connection
« on: August 23, 2007, 12:55:55 »
adrianp918
Guest

Is there a way for monowall to check a certain IP that is making a connection to your servers against a text file or an spl or rbl list, and if it is listed, drop the connection automatically, something like Spamhaus?

The reason I say this: I have several spammers that attempt to send me mail, and although I have them blacklisted at the mail server, they still use up valuable bandwidth. I just thought that if it could be stopped at the connection it would free some bandwidth up, or would it make a difference on a T-1 line?
« Reply #1 on: August 23, 2007, 17:09:54 »
adrianp918
Guest

In addition, I also found this bit of info:

http://www.spamhaus.org/faq/answers.lasso?section=DROP%20FAQ

It reads as follows:

DROP (Don't Route Or Peer) is an advisory "drop all traffic" list. DROP is a tiny subset of the SBL designed for use by firewalls and routing equipment. The DROP list will never include any IP space allocated to a legitimate network and reassigned - even if reassigned to the proverbial "spammers from hell". DROP includes IP space totally controlled by spammers or 100% spam hosting operations. These are "direct allocations" from ARIN, RIPE, APNIC, LACNIC, or other Regional Internet Registries.
Spamhaus strongly recommends the use of DROP by tier-1 and backbone networks. Simply consulting the DROP webpage when someone asks you to route some suspicious IPs can help avoid picking up customers you would just as soon not have on your network.
« Reply #2 on: August 23, 2007, 23:59:32 »
docunext *
Posts: 42

I would recommend against blocking or dropping them at the firewall; that's a slippery slope. While it might save a little bandwidth, it's a lot more to manage and can cause problems, like false positives getting blocked, and m0n0wall isn't designed for actively changing the firewall table.

You might want to check out fail2ban, which can temporarily block IPs based upon logs, great for brute force attacks and abusive spammers.

I have my email servers block IP addresses on port 21 if they try to send to 5 or more non-existent accounts. I've also considered throttling port 21, but I haven't yet.

Docunext Tech Stuff
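
The threshold rule from Reply #2 (flag an IP once it has tried 5 or more non-existent accounts), run over mail-log lines. This is an added example, not part of the original thread and not fail2ban's own code. The Postfix-style log format, the 10-minute window, the names `find_offenders` and `_line`, and the sample addresses are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed Postfix-style "User unknown" rejection; adapt the pattern to your MTA.
REJECT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s.*reject: RCPT from \S*\[(?P<ip>[0-9a-fA-F.:]+)\]:"
    r" 550 \S+ <(?P<rcpt>[^>]+)>: Recipient address rejected: User unknown")

def find_offenders(lines, threshold=5, window=timedelta(minutes=10), year=2007):
    """Map each offending IP to the time it first reached `threshold`
    distinct non-existent recipients inside `window`."""
    seen = defaultdict(dict)  # ip -> {recipient: time last rejected}
    offenders = {}
    for line in lines:
        m = REJECT_RE.search(line)
        if not m:
            continue  # not a rejected-recipient line
        # Syslog timestamps carry no year, so the caller supplies one.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        recent = seen[m["ip"]]
        recent[m["rcpt"].lower()] = ts
        # Age out recipients older than the window (fail2ban calls this findtime).
        for rcpt in [r for r, t in recent.items() if ts - t > window]:
            del recent[rcpt]
        # Counting distinct addresses keeps one sender retrying a single
        # mistyped address from tripping the rule (a false positive).
        if len(recent) >= threshold:
            offenders.setdefault(m["ip"], ts)
    return offenders

def _line(ts, ip, rcpt):
    """Build one constructed sample log line."""
    return (f"Aug 23 {ts} mail postfix/smtpd[2101]: NOQUEUE: reject: RCPT from "
            f"unknown[{ip}]: 550 5.1.1 <{rcpt}>: Recipient address rejected: "
            "User unknown in local recipient table; proto=ESMTP")

# Constructed sample log; all addresses are documentation ranges.
SAMPLE_LOG = (
    [_line(f"0{i}:00:00", "192.0.2.55", f"old{i}@example.org") for i in range(1, 6)]
    + [_line(f"17:00:0{i}", "203.0.113.7", f"user{i}@example.org") for i in range(1, 6)]
    + [_line(f"17:01:0{i}", "198.51.100.20", "jon@example.org") for i in range(1, 7)]
    + ["Aug 23 17:02:00 mail postfix/smtpd[2101]: connect from unknown[203.0.113.7]"]
)

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG).items():
        print(f"{when:%b %d %H:%M:%S} block candidate: {ip}")
```

Only 203.0.113.7 is flagged in the sample: 198.51.100.20 repeats one address, and 192.0.2.55 spreads its five attempts over hours, so neither reaches the threshold inside the window.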
 