[NTLUG:Discuss] All non-US IP list?

Leroy Tennison leroy_tennison at prodigy.net
Wed Jul 4 00:45:14 CDT 2007


Chris Cox wrote:
> . Daniel wrote:
>   
>> You may be right in that I don't want to do it in greylisting.  I'll just 
>> put this away until my level of frustration bests my desire to not learn 
>> anything new. :)  Then I'll try to do it the enhdnsbl way.
>>
>> Tell ya what though... I really hate spam... really hate it.
>>     
>
>
> Patterns I block (list based on examination.. many of course are from
> overseas)... my apologies if you find your netblock in the list :)
>
>
This may be a wild idea but I'm going to throw it out anyway (let's see 
if I get shot at for doing so).  Rather than trying to block a large 
(and possibly changing) list why not approach it from the opposite 
direction: Accept only the address ranges you want and dump the rest.  
You might even want to consider doing this at the network layer using 
iptables.  If you can come up with a list of acceptable address ranges 
then accept them and drop everything else.
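
The allowlist approach suggested in this message, sketched as an added example that is not part of the original thread: a script that validates a list of accepted ranges and prints a default-deny ruleset in `iptables-restore` format. The chain name `SMTP_ALLOW`, the choice of TCP port 25, and the sample ranges (RFC 5737 documentation addresses) are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): default-deny SMTP allowlist for iptables.
# Chain name SMTP_ALLOW and the sample ranges are assumptions.

# valid_cidr ADDR/LEN: succeed only for dotted-quad IPv4 with a 0-32 prefix.
valid_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    addr=${1%/*}; len=${1#*/}
    case "$len" in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    case "$addr" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# gen_smtp_allowlist: read ranges on stdin (blank lines and # comments are
# skipped) and print the ruleset. A bad or empty list aborts with status 1,
# so a typo can never produce a ruleset that silently drops a wanted peer.
gen_smtp_allowlist() {
    rules=''
    while IFS= read -r line || [ -n "$line" ]; do
        range=$(printf '%s' "${line%%#*}" | tr -d ' \t')
        [ -n "$range" ] || continue
        if ! valid_cidr "$range"; then
            echo "rejecting allowlist: bad entry '$range'" >&2
            return 1
        fi
        rules="$rules-A SMTP_ALLOW -s $range -j ACCEPT
"
    done
    [ -n "$rules" ] || { echo "refusing to emit an empty allowlist" >&2; return 1; }
    printf '%s\n' '*filter' ':SMTP_ALLOW - [0:0]'
    printf '%s' "$rules"
    printf '%s\n' '-A SMTP_ALLOW -j DROP' 'COMMIT'
}

# Constructed sample input: documentation ranges, not real mail peers.
sample_ranges() {
    printf '%s\n' '# accepted senders' '192.0.2.0/24' '' \
        '198.51.100.0/25   # partner relay (hypothetical)'
}

# Review the output, then load it with: iptables-restore --noflush
# Hook the chain once: iptables -A INPUT -p tcp --dport 25 -j SMTP_ALLOW
sample_ranges | gen_smtp_allowlist
```

Because the accepted ranges precede a final `DROP` in their own chain, reloading a changed list replaces only that chain and leaves the rest of the filter table alone.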


