{Spam?} RE: IP country block possible?
mailscanner at aha4adsl.nl
Fri Jan 5 18:08:05 CET 2007
Thank you for all your reactions. I studied them carefully.
Based on that I wanted to start blocking the first countries but I am
running into problems.
I changed my local.cf with the following lines.
body LAMP /\bLamp\b/i
score LAMP 1 2 3 4
header __RCVD_IN_NERDS eval:check_rbl('nerds','zz.countries.nerd.dk.')
describe __RCVD_IN_NERDS Received from a spam country
tflags __RCVD_IN_NERDS 0.01
tflags __RCVD_IN_NERDS net
header RCVD_IN_NERDS_AR eval:check_rbl_sub('nerds','127.0.0.32')
describe RCVD_IN_NERDS_AR Received from Argentina
tflags RCVD_IN_NERDS_AR net
score RCVD_IN_NERDS_AR 2.5
header RCVD_IN_NERDS_BR eval:check_rbl_sub('nerds','127.0.0.76')
describe RCVD_IN_NERDS_BR Received from Brazil
tflags RCVD_IN_NERDS_BR net
score RCVD_IN_NERDS_BR 3.5
header RCVD_IN_NERDS_CL eval:check_rbl_sub('nerds','127.0.0.152')
describe RCVD_IN_NERDS_CL Received from Chile
tflags RCVD_IN_NERDS_CL net
score RCVD_IN_NERDS_CL 2.5
header RCVD_IN_NERDS_CN eval:check_rbl_sub('nerds','127.0.0.156')
describe RCVD_IN_NERDS_CN Received from China
tflags RCVD_IN_NERDS_CN net
score RCVD_IN_NERDS_CN 3.5
header RCVD_IN_NERDS_HK eval:check_rbl_sub('nerds','127.0.1.88')
describe RCVD_IN_NERDS_HK Received from Hong Kong
tflags RCVD_IN_NERDS_HK net
score RCVD_IN_NERDS_HK 2.0
header RCVD_IN_NERDS_IN eval:check_rbl_sub('nerds','127.0.1.100')
describe RCVD_IN_NERDS_IN Received from India
tflags RCVD_IN_NERDS_IN net
score RCVD_IN_NERDS_IN 2.5
header RCVD_IN_NERDS_JP eval:check_rbl_sub('nerds','127.0.1.136')
describe RCVD_IN_NERDS_JP Received from Japan
tflags RCVD_IN_NERDS_JP net
score RCVD_IN_NERDS_JP 2.0
header RCVD_IN_NERDS_KP eval:check_rbl_sub('nerds','127.0.1.152')
describe RCVD_IN_NERDS_KP Received from North Korea
tflags RCVD_IN_NERDS_KP net
score RCVD_IN_NERDS_KP 3.5
header RCVD_IN_NERDS_KR eval:check_rbl_sub('nerds','127.0.1.154')
describe RCVD_IN_NERDS_KR Received from South Korea
tflags RCVD_IN_NERDS_KR net
score RCVD_IN_NERDS_KR 3.5
header RCVD_IN_NERDS_MY eval:check_rbl_sub('nerds','127.0.1.202')
describe RCVD_IN_NERDS_MY Received from Malaysia
tflags RCVD_IN_NERDS_MY net
score RCVD_IN_NERDS_MY 2.5
header RCVD_IN_NERDS_MX eval:check_rbl_sub('nerds','127.0.1.228')
describe RCVD_IN_NERDS_MX Received from Mexico
tflags RCVD_IN_NERDS_MX net
score RCVD_IN_NERDS_MX 2.0
header RCVD_IN_NERDS_NG eval:check_rbl_sub('nerds','127.0.2.54')
describe RCVD_IN_NERDS_NG Received from Nigeria
tflags RCVD_IN_NERDS_NG net
score RCVD_IN_NERDS_NG 3.5
header RCVD_IN_NERDS_RU eval:check_rbl_sub('nerds','127.0.2.131')
describe RCVD_IN_NERDS_RU Received from Russia
tflags RCVD_IN_NERDS_RU net
score RCVD_IN_NERDS_RU 2.5
header RCVD_IN_NERDS_SG eval:check_rbl_sub('nerds','127.0.2.190')
describe RCVD_IN_NERDS_SG Received from Singapore
tflags RCVD_IN_NERDS_SG net
score RCVD_IN_NERDS_SG 2.0
header RCVD_IN_NERDS_TW eval:check_rbl_sub('nerds','127.0.0.158')
describe RCVD_IN_NERDS_TW Received from Taiwan
tflags RCVD_IN_NERDS_TW net
score RCVD_IN_NERDS_TW 2.5
header RCVD_IN_NERDS_TH eval:check_rbl_sub('nerds','127.0.2.252')
describe RCVD_IN_NERDS_TH Received from Thailand
tflags RCVD_IN_NERDS_TH net
score RCVD_IN_NERDS_TH 2.5
header RCVD_IN_NERDS_TR eval:check_rbl_sub('nerds','127.0.3.24')
describe RCVD_IN_NERDS_TR Received from Turkey
tflags RCVD_IN_NERDS_TR net
score RCVD_IN_NERDS_TR 2.0
header RCVD_IN_NERDS_NL eval:check_rbl_sub('nerds','127.0.2.16')
describe RCVD_IN_NERDS_NL Received from NL
tflags RCVD_IN_NERDS_NL net
score RCVD_IN_NERDS_NL -2.0
body FIETS /\bFiets\b/i
score FIETS 1 2 3 4
The LAMP and FIETS are working fine but the RCVD_IN_NERDS does not appear.
I have been testing with this for almost a day now but I am not making any
progress.
How can I debug the result of nerds?
I tested dig 184.182.126.80.zz.countries.nerd.dk which gave the result:
;; ANSWER SECTION:
184.182.126.80.zz.countries.nerd.dk. 2100 IN A 127.0.2.16
That looks fine to me.
Thank you again in advance
Ron Groen
-----Original message-----
From: mailscanner-bounces at lists.mailscanner.info
[mailto:mailscanner-bounces at lists.mailscanner.info] On behalf of
mailscanner at aha4adsl.nl
Sent: Wednesday 3 January 2007 18:02
To: mailscanner at lists.mailscanner.info
Subject: FW: IP country block possible?
Hello Developers,
Although MailScanner is doing a good job on our servers, the number of false
passes is rather high.
We mainly have Dutch and Belgian contacts and therefore want to block
non-Dutch IP-ranges.
There are several databases, like IP2location, available to find out from
which country/network the email is coming from.
1) Is there a way to implement these functions in MailScanner and/or
SpamAssassin? We find the current blacklist possibilities rather limited
(the ip2location database has 60000 records like:
"62.4.75.0","62.4.75.31","1040468736","1040468767","NL","Netherlands"
"62.4.75.32","62.4.75.79","1040468768","1040468815","DE","Germany"
"62.4.75.80","62.4.75.95","1040468816","1040468831","NL","Netherlands")
2) Another option is to run your own blacklist server, but in combination
with a mysql/php/perl database. Is there any documentation on that point?
3) Can it be implemented in MailScanner directly?
With options like
Countries Allow = NL BE US
Countries Blocked = JP TW
We had scanned the lists.mailscanner.info but could not find any related
topics.
With kind regards,
Ron Groen
--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
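A static check for rule sets like the one in the message above, as an added example that is not part of the original post. It assumes the zone's answer format 127.0.x.y, where x*256+y is the ISO 3166 numeric country code (127.0.2.16 is 528, NL, as in the dig answer); the function names, the small code table and the sample config are constructed for the example.

```python
import ipaddress
import re

ZONE = "zz.countries.nerd.dk"
# ISO 3166-1 numeric codes for the suffixes in the sample (subset, assumption).
ISO_NUMERIC = {"NL": 528, "KP": 408, "KR": 410, "TW": 158}
SUB_RE = re.compile(
    r"^header\s+RCVD_IN_NERDS_(\w+)\s+eval:check_rbl_sub\('nerds','([\d.]+)'\)", re.M)
SCORE_RE = re.compile(r"^score\s+RCVD_IN_NERDS_(\w+)\s", re.M)

# Constructed excerpt in the style of the rules above, with two defects planted.
SAMPLE_CF = """\
header RCVD_IN_NERDS_KP eval:check_rbl_sub('nerds','127.0.1.152')
score RCVD_IN_NERDS_KR 3.5
header RCVD_IN_NERDS_KR eval:check_rbl_sub('nerds','127.0.1.154')
score RCVD_IN_NERDS_KR 3.5
header RCVD_IN_NERDS_TW eval:check_rbl_sub('nerds','127.0.2.158')
score RCVD_IN_NERDS_TW 2.5
header RCVD_IN_NERDS_NL eval:check_rbl_sub('nerds','127.0.2.16')
score RCVD_IN_NERDS_NL -2.0
"""

def query_name(ip):
    """DNSBL query name: IPv4 octets reversed, then the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + ZONE

def decode_answer(addr):
    """127.0.x.y -> x*256 + y, the ISO 3166 numeric country code."""
    a, b, x, y = (int(p) for p in addr.split("."))
    if (a, b) != (127, 0):
        raise ValueError("not a country answer: " + addr)
    return x * 256 + y

def lint(cf_text):
    """Report sub-rules with a wrong address or without their own score line."""
    scored = set(SCORE_RE.findall(cf_text))
    findings = []
    for cc, addr in SUB_RE.findall(cf_text):
        want = ISO_NUMERIC.get(cc)
        if want is not None and decode_answer(addr) != want:
            findings.append(f"{cc}: {addr} decodes to {decode_answer(addr)}, expected {want}")
        if cc not in scored:
            # SpamAssassin would fall back to its default score of 1.0 here.
            findings.append(f"{cc}: no score line")
    return findings

if __name__ == "__main__":
    print(query_name("80.126.182.184"))
    print("\n".join(lint(SAMPLE_CF)))
```

This only checks the rule text; whether the lookup is actually issued for a given message still has to be confirmed from SpamAssassin's own lint and debug output.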