[NTLUG:Discuss] All non-US IP list?

[Stuart Johnston]

You really don't want to do this in the greylist config.  You want to 
use the dnsbl lookups in sendmail.  Ideally you would want to say, 
reject anything that does not hit us.countries.nerd.dk (I couldn't 
figure out blackholes.us).  I don't use sendmail so I'm not sure if it 
that is feasible.

The standard way would be to block each country individually.

FEATURE(`enhdnsbl',`zz.countries.nerd.dk',`"554 Rejected " 
$&{client_addr} " found in Afghanistan"', , `127.0.0.4')dnl

. Daniel wrote:
> It didn't work for me the first time, but it worked when I did a page 
> reload.  I read on their page that they need a secondary DNS server... that 
> probably has something to do with it.
> 
> Okay so now I just need to get these IPs imported into greylisting and so I 
> need to process the list somehow.  Now where did I put that Perl coding 
> expert?  I had him around here somewhere.... 
> 
> In any case, the data I seek is here:
> 
> http://www.blackholes.us/zones/countries/countries.rbl
> 
> Now I just need a way to parse it... Perl is such a powerful language... 
> it's just so hard to look at!  *WAY* back in the day, I used to write C 
> code... actually 6809 assembler, BASIC of many flavors, Basic09 and C.  
> Never got into C++ or anything object oriented... that broke my mind.
> 
> 
> 
>> Odd, I guess there was a glitch somewhere.  Its up here.
>>
>> Stuart Johnston wrote:
>>> As I mentioned before, you can use a dnsbl like those from
>>> http://countries.nerd.dk/ to block them at connection time.  This is 
> the
>>> same idea as Ken's suggestion but blackholes.us doesn't seem to be
>>> available.
>>>
>>> . Daniel wrote:
>>>> This is something of a follow-up on the previous discussion of 
> blocking all
>>>> chinese and korean IPs at the greylist filter.
>>>>
>>>> I have followed the advice of list members here suggesting that I use
>>>> spamassassin and rank the values of emails from certain countries 
> higher.
>>>> And that has certainly helped in one regard: The email is trapped and
>>>> scanned on my MailScanner machine.  But let me tell you, while that is
>>>> certainly effective, it's not enough.
>>>>
>>>> Recently, I have been seeing emails coming from more countries than I 
> can
>>>> list in that particular set of rules.  Further, the sheer amount of 
> email
>>>> coming in and being processed is simply killing my server.  (Yes, I 
> need a
>>>> bigger server... maybe one day but not today.)  At some point, the box
>>>> simply stops sending email on to my exchange server for reasons I have 
> been
>>>> unable to detect.  The sendmail queue just says "sending" and nothing 
> is
>>>> sent.  Rebooting the machine clears it up until the next time it gets
>>>> congested like that.
>>>>
>>>> Previously someone wrote a little perl script for me to parse through 
> some
>>>> IP addresses for china and korea in a way that is suitable for 
> relaydelay.
>>>> Obviously, this will help but isn't going to fix the larger problem.  
> Where
>>>> before the majority of such traffic was coming from those two areas, 
> now
>>>> it's coming from all of Europe and South American countries.
>>>>
>>>> I've been googling for lists of non-US IP addresses and there is no
>>>> shortage of discussion on the topic.  (A lot of people offering what a 
> bad
>>>> idea it is and all that but without stating WHY it's a bad idea... not
>>>> offering a scenario where it could be bad.)  In my case, this is a 
> business
>>>> that does business exclusively in Texas and exclusively for schools.  
> There
>>>> is absolutely no business reason for incoming mail from outside Texas, 
> let
>>>> alone outside of the U.S.
>>>>
>>>> If only I could get a list of non-US IP addresses, I would be a 
> happier man.
> 
> _________________________________________________________________
> ダウンロード無料！マイクロソフトの最新ブラウザMSN版を今すぐ体験 
> http://promotion.msn.co.jp/ie7/ 
> 
> 
> _______________________________________________
> http://www.ntlug.org/mailman/listinfo/discuss