[NTLUG:Discuss] Trying to block all China/Korea IPs in greylisting

Stuart Johnston saj at thecommune.net
Wed Jun 13 13:04:10 CDT 2007


Are you finding that lots of spam is getting through your greylisting?


. Daniel wrote:
> I finally discovered RelayCountryPlugin and have made some attempt at 
> implementation.  We'll see how it goes.
> 
> It's just a damned frustrating problem and it's easy to be tempted to use 
> extreme measures to block spam.
> 
>> If you do want to completely block these hosts, do you really want to do
>> it in your greylist?
>>
>> You probably want to block them directly in sendmail with a dnsbl like:
>>
>> http://countries.nerd.dk/
>>
>> You can also do it in spamassassin:
>>
>> http://wiki.apache.org/spamassassin/RelayCountryPlugin
>>
>> If you REALLY want to do it in relaydelay, here is a perl script that
>> will convert your list of ip ranges into octets (like relaydelay
>> wants).  You'll need Net::CIDR installed though.
>>
>> #!/usr/bin/perl
>>
>> use Net::CIDR ':all';
>>
>> while (<>) {
>>     next if (/^#/);
>>     my ($s, $e) = split(/[\s-]+/);
>>     my @list;
>>     eval {@list = range2cidr("$s-$e")};
>>     print join("\n", cidr2octets(@list)), "\n" if @list;
>> }
>>
>>
>> You'd run it something like:
>> ./block.pl < sinokorea.txt > blacklist.txt
>>
>> Of course, I think this is all a really bad idea, but there you go.
>>
>> . Daniel wrote:
>>> I would be happy if I could somehow specify which countries.  I would
>>> select China, Korea, Brazil, Russia and Romania for starters but I wouldn't
>>> likely stop there.
>>>
>>>> Are you trying to completely block all mail coming from certain
>>>> countries or only selectively greylist them?
>>>>
>>>>
>>>> . Daniel wrote:
>>>>> I have the list from the following URL:
>>>>>
>>>>> http://www.okean.com/sinokorea.txt
>>>>>
>>>>> I can parse just the first field easily enough with:
>>>>>
>>>>> cat sinokorea.txt | awk '{ print $1 }'
>>>>>
>>>>> The greylist (relaydelay in this case) wants to see block ranges as
>>>>> incomplete octets if that makes sense.  For example, if I wanted to block
>>>>> 218.232.x.x, I would simply add a block to "218.232"  It is my
>>>>> understanding that it would take 218.232.0.0 literally and would only block
>>>>> that IP address (yes, I know it's not valid).
>>>>>
>>>>> I have tried adding " | sed /.0.0.0// " to the previous command line but I
>>>>> do not get the results I seek... it doesn't make sense.  I'm guessing that
>>>>> expressions in sed for matching have some special meaning when a "."
>>>>> character is used.
>>>>>
>>>>> And perhaps I am barking up the wrong tree entirely, but my end purpose is
>>>>> to make entries in my relaydelay blacklist table to block out all of china,
>>>>> korea and ultimately any country outside of the US that I care to.  (The
>>>>> business I work for has no business need to receive email from outside of
>>>>> the state, let alone outside of the country... so it's presumed to be spam
>>>>> when it originates from outside of the USA.)
>>>>>
>>>>> Anyone know any special magic incantations to achieve this end?  I had
>>>>> heard someone mention spamassassin rules that would elevate risk by country
>>>>> of origin, but I cannot find anything on the net to document this yet...

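Added example, not part of the thread and not the poster's script: the same range-to-octet-prefix conversion using only the Python standard library, so the output shape is visible for ranges that do not fall on an octet boundary. The sample ranges are constructed, and the function names are hypothetical; it assumes, as described in the thread, that relaydelay treats a full dotted quad as a single address.

```python
import ipaddress

# Constructed sample in the "start - end comment" layout the thread's script parses.
SAMPLE = """\
# constructed ranges, not taken from the real list
58.14.0.0 - 58.25.255.255 example A
203.0.113.0 - 203.0.113.255 example B
198.51.100.16 - 198.51.100.31 example C
not-an-address - 10.0.0.0 malformed line
"""

def cidr_to_prefixes(net):
    """Expand one IPv4 network into dotted prefixes that end on an octet boundary."""
    if net.prefixlen > 24:
        # Smaller than a /24: no partial-octet form covers it, so list each address.
        return [str(ip) for ip in net]
    keep = max(1, -(-net.prefixlen // 8))  # octets to keep = ceil(prefixlen / 8)
    # Split the network up to the next octet boundary, e.g. a /13 into eight /16s.
    return [".".join(str(sub.network_address).split(".")[:keep])
            for sub in net.subnets(new_prefix=keep * 8)]

def ranges_to_prefixes(text):
    """Turn 'start - end' lines into a flat list of blacklist prefixes."""
    out = []
    for line in text.splitlines():
        fields = line.replace("-", " ").split()
        if line.startswith("#") or len(fields) < 2:
            continue
        try:
            first, last = (ipaddress.IPv4Address(f) for f in fields[:2])
            # summarize_address_range yields the minimal CIDR cover of the range.
            nets = list(ipaddress.summarize_address_range(first, last))
        except ValueError:
            continue  # malformed address or reversed range: skip, never guess
        for net in nets:
            out.extend(cidr_to_prefixes(net))
    return out

if __name__ == "__main__":
    print("\n".join(ranges_to_prefixes(SAMPLE)))
```

The first sample range is not a single CIDR block, so it comes out as twelve two-octet prefixes (58.14 through 58.25) rather than one entry.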

