- 12-03-2006 #1
Blocking email using iptables
Let's face it. Spam is getting worse by the day. Since my web server (Linux/Apache at Serverbeach) serves only domestic clients and visitors, I want to stop all incoming contact from China & Korea. For example, I want to block all email coming from any IP address from 83.0.0.0 to 83.255.255.255
(I know this is a HUGE block of IP addresses but that's what I want to try for now.)
My current iptables INPUT chain (policy ACCEPT) is...
1 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 limit: avg 5/sec burst 5
2 DROP icmp -- 0.0.0.0/0 0.0.0.0/0
3 DROP tcp -- 83.0.0.0/8 0.0.0.0/0 tcp dpt:25
Rules 1 & 2 came with my default setup. Rule 3 was added using...
iptables -A INPUT -p tcp -s 83.0.0.0/8 --dport 25 -j DROP
Is the 83.0.0.0/8 the correct syntax for the entire range of IP addresses?
Does this block everything? Or would I be better off using...
iptables -A INPUT -p all -s 83.0.0.0/8 -j DROP
I want to completely eliminate any contact (including access to the web site and all email originating) from Asia. The IP address ranges are easy to find on Google but I want to be sure to use the exact (aka BEST) syntax to add the new rules.
Lastly, BIG QUESTION... After adding the new rules using the iptables -A command, is it necessary to stop and restart iptables?
Many, many thanks for your help.
- 12-03-2006 #2
This will work to block 83.0.0.0/8 port 25 BUT this is a huge IP range.
Are you sure this IP range only holds Chinese and Korean IP addresses? I wouldn't block all these IPs. I would install SpamAssassin and let your customers decide which mail to discard.
"Lastly, BIG QUESTION... After adding the new rules using the iptables -A command, is it necessary to stop and restart iptables?"
I'm not sure I get what you mean with 'restart iptables'. Whenever you execute iptables these rules will become active immediately.

"Really, I'm not out to destroy Microsoft. That will just be a completely unintentional side effect." Linus Benedict Torvalds


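Added example, not part of either post: a shell check for the syntax question in the thread, confirming whether a start-end range such as 83.0.0.0 to 83.255.255.255 is exactly one CIDR block and printing the matching DROP rule without running it. The function names are hypothetical; for ranges that do not align to a single CIDR block it falls back to iptables' `iprange` match (`-m iprange --src-range`), which the thread does not mention.

```shell
#!/bin/sh
# Constructed helper functions; they only print a rule, they never run iptables.

# ip_to_int A.B.C.D -> 32-bit integer (decimal octets, no leading zeros)
ip_to_int() {
    case $1 in ''|*[!0-9.]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|0?*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# range_to_cidr START END -> prints START/PREFIX if the range is exactly one
# CIDR block; returns 1 if it is not, 2 if the input is invalid.
range_to_cidr() {
    start=$(ip_to_int "$1") || return 2
    end=$(ip_to_int "$2") || return 2
    [ "$start" -le "$end" ] || return 2
    size=$(( end - start + 1 ))
    # One CIDR block = power-of-two size, start aligned on that size.
    [ $(( size & (size - 1) )) -eq 0 ] || return 1
    [ $(( start % size )) -eq 0 ] || return 1
    prefix=32
    while [ "$size" -gt 1 ]; do
        size=$(( size >> 1 )); prefix=$(( prefix - 1 ))
    done
    echo "$1/$prefix"
}

# drop_rule START END [TCP_PORT] -> prints the iptables command for the range.
drop_rule() {
    if cidr=$(range_to_cidr "$1" "$2"); then
        match="-s $cidr"
    else
        rc=$?
        [ "$rc" -eq 1 ] || { echo "invalid range: $1-$2" >&2; return 2; }
        # Not a single CIDR block: fall back to the iprange match extension.
        match="-m iprange --src-range $1-$2"
    fi
    if [ -n "$3" ]; then
        echo "iptables -A INPUT -p tcp $match --dport $3 -j DROP"
    else
        echo "iptables -A INPUT $match -j DROP"
    fi
}

drop_rule 83.0.0.0 83.255.255.255 25   # the range asked about, SMTP only
drop_rule 83.0.0.0 83.255.255.255      # same range, all protocols
```

Because `-A` appends, a printed rule only takes effect for traffic that no earlier rule in the INPUT chain has already accepted.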
