FW: IP country block possible?

Res res at ausics.net
Wed Jan 3 23:28:59 CET 2007


On Wed, 3 Jan 2007, mailscanner at aha4adsl.nl wrote:

> We mainly have Dutch and Belgium contacts and therefore want to block
> non-Dutch IP-ranges.

Thats crazy :)  but if you insist, (we know people on this list are often
only carrying out company directives and it is not the place of anyone on 
this lsit to try tell you not to do it) this is not a job for MailScanner, 
it is the responsability of your MTA.

I have an ACL on a data center router here which takes out 3 asian 
countries because of their assholish behaviours, and I can assure you that 
acl for those 3 countries (since TLD blocking is a waste of time as many 
admins are too lazy or clueless to configure DNS) is huge, these are not 
single IP's but entire netmasks...

~# grep -c "access-list 183 deny" /backs/routers/bne/brd1-Wed
862
~#

Ok, thats blocking, you want to allow, but its much the same principle,
Your sendmail/postfix/qmail ACL "OK" lists will be very large to allow 
only a couple of countries.


-- 
Cheers
Res

"So, you think you can tell Heaven from Hell?" - Roger Waters




More information about the MailScanner mailing list