FW: IP country block possible?
Jon Leeman
technician at cenpac.net.nr
Thu Jan 4 00:24:05 CET 2007
Res wrote:
> On Wed, 3 Jan 2007, mailscanner at aha4adsl.nl wrote:
>
>> We mainly have Dutch and Belgium contacts and therefore want to block
>> non-Dutch IP-ranges.
>
> Thats crazy :) but if you insist, (we know people on this list are often
> only carrying out company directives and it is not the place of anyone
> on this lsit to try tell you not to do it) this is not a job for
> MailScanner, it is the responsability of your MTA.
>
> I have an ACL on a data center router here which takes out 3 asian
> countries because of their assholish behaviours, and I can assure you
> that acl for those 3 countries (since TLD blocking is a waste of time as
> many admins are too lazy or clueless to configure DNS) is huge, these
> are not single IP's but entire netmasks...
>
> ~# grep -c "access-list 183 deny" /backs/routers/bne/brd1-Wed
> 862
> ~#
>
> Ok, thats blocking, you want to allow, but its much the same principle,
> Your sendmail/postfix/qmail ACL "OK" lists will be very large to allow
> only a couple of countries.
>
>
I often use the Cisco ACL on our border router from
http://www.okean.com/ when the garbage from the countries mentioned
becomes a nuisance.
Rgds.,
Jon
More information about the MailScanner
mailing list