[NTLUG:Discuss] Trying to block all China/Korea IPs ingreylisting

[Stuart Johnston]

If you do want to completely block these hosts, do you really want to do
it in your greylist?

You probably want to block them directly in sendmail with a dnsbl like:

http://countries.nerd.dk/

You can also do it in spamassassin:

http://wiki.apache.org/spamassassin/RelayCountryPlugin

If you REALLY want to do it in relaydelay, here is a perl script that
will convert your list of ip ranges into octects (like relaydelay
wants).  You'll need Net::CIDR install though.

#!/usr/bin/perl

use Net::CIDR ':all';

while (<>) {
    next if (/^#/);
    my ($s, $e) = split(/[\s-]+/);
    my @list;
    eval {@list = range2cidr("$s-$e")};
    print join("\n", cidr2octets(@list)), "\n" if @list;
}


You'd run it something like:
./block.pl < sinokorea.txt > blacklist.txt

Of course, I think this is all a really bad idea, but there you go.

. Daniel wrote:
> I would be happy if I could somehow specify which countries.  I would 
> select China, Korea, Brazil, Russia and Romania for starters but I wouldn't 
> likely stop there.
> 
>> Are you trying to completely block all mail coming from certain
>> countries or only selectively greylist them?
>>
>>
>> . Daniel wrote:
>>> I have the list from the following URL:
>>>
>>> http://www.okean.com/sinokorea.txt
>>>
>>> I can parse just the first field easily enough with:
>>>
>>> cat sinokorea.txt | awk '{ print $1 }'
>>>
>>> The greylist (relaydelay in this case) wants to see block ranges as
>>> incomplete octets if that makes sense.  For example, if I wanted to 
> block
>>> 218.232.x.x, I would simply add a block to "218.232"  It is my
>>> understanding that it would take 218.232.0.0 literally and would only 
> block
>>> that IP address (yes, I know it's not valid).
>>>
>>> I have tried adding " | sed /.0.0.0// " to the previous command line 
> but I
>>> do not get the results I seek... it doesn't make sense.  I'm guessing 
> that
>>> expressions in sed for matching have some special meaning when a "."
>>> character is used.
>>>
>>> And perhaps I am barking up the wrong tree entirely, but my end purpose 
> is
>>> to make entries in my relaydelay blacklist table to block out all of 
> china,
>>> korea and ultimately any country outside of the US that I care to.  
> (The
>>> business I work for has no business need to receive email from outside 
> of
>>> the state, let alone outside of the country... so it's presumed to be 
> spam
>>> when it originates from outside of the USA.)
>>>
>>> Anyone know any special magic incantations to achieve this end?  I had
>>> heard someone mention spamassassin rules that would elevate risk by 
> country
>>> of origin, but I cannot find anything on the net to document this yet...
> 
> _________________________________________________________________
> Office ストーリー連載開始。豪華プレゼントあり！ 
> http://go.microsoft.com/?linkid=6696410 
> 
> 
> _______________________________________________
> http://www.ntlug.org/mailman/listinfo/discuss