how to block ranges of IPs for ISPs and countries
Question asked by Eric Bourland - December 3, 2014 at 4:45 AM
Answered
SmarterMail 13
 
Good morning.
 
Scarab posted a very useful comment about blocking IP addresses of particular countries and also particular IP ranges that belong to particular ISPs that tend to host large numbers of spammers.
 
http://portal.smartertools.com/Main/frmThread.aspx?threadid=833
 
That was a very helpful post but I am not sure how to follow up on it and thought I would start a new thread and get some ideas.
 
I would like to implement a few of these weights and see what effect that has on permanently blocking some spammers. But I am not sure how to:
 
1) derive IP address blocks for ISPs whom I would like to block
2) derive IP address blocks for countries whom I would like to block
 
For starters, I would like to block incoming mail from:
    Chile (CL)
    Bulgaria (BG)
    Romania (RO)
    Russia (RU)
    India (IN)
    Ukraine (UA)
    Malaysia (MY)
    Turkey (TR)
    Slovakia
    Czech Republic
    Serbia
    Croatia
    Hungary
    
I would also like to block incoming mail from some of these guys:
    Psychz Networks
    Krypt Technologies
    B2 Net Solutions Inc.
    Eonix Corporation
    Email Ocean
    Host Sailor Ltd
    Worldstream
    Toqen LLC
    Interactive 3D B.V.
    Limestone Networks, Inc.
 
I see the interface in SmarterMail 13 where I can block ranges of IP addresses: Security ---> Blacklist.
How can I derive correct values for IP ranges to block, for countries and for ISPs?
 
Thank you for your ideas.
 
Eric

6 Replies

Reply to Thread
1
days ago I needed to know some IP ranges for specific countries and used http://services.ce3c.be/ciprg/ to get list and double checked with other sites like http://www.ipdeny.com/ipblocks/
not sure if it's accurate or updated was just trying to find something
 
There are also
Block Visitors by Country Using Firewall :
0
This program has proved helpful:
 
 
Lately I am getting hit by a bunch of addresses from *.in.net. For example:
 
df7t.in.net
kpd8.in.net
hophember.in.net
cleonsigion.in.net
 
... and on and on, from a varying range of IP addresses. I wish there were a way to permanently block all mail from a given domain such as in.net.
2
You can use geobl.spameatingmonkey.net RBL to accomplish this very easily.
 
http://spameatingmonkey.com/lists.html  Then check out the GEM-GEOBL list.  You do have to register with them, but you can create a single RBL test to block any country or countries you want.
 
-Joe
Thanks,
-Joe
0
Joe, thanks for that. I will try it out.
 
I am following this structure: <reversed ip>.b[block_list].[server id].geobl.spameatingmonkey.net
 
 
Interesting. Looks like my config will be:
 
179.188.210.205.bae_al_ao_az_ba_bg_cn_cz_de_hr_hu_iq_ir_kg_kp_kr_lt_lv_md_mk_pk_ro_rs_tm_sk_si_ua.3453140147.geobl.spameatingmonkey.net
 
I will let you know what I find out. Thanks very much for this idea.
 
Eric
0
I also get 0 connections when I look at my SEM user page: http://spameatingmonkey.com/geobl/userhome.html
 
The hostname I use is: ae_al_ao_az_ba_bg_by_cn_cz_de_hr_hu_iq_ir_kg_kp_kr_lt_lv_md_mk_ng_pk_pl_ro_rs_ru_tm_sk_si_ua_vn.3453140147.geobl.spameatingmonkey.net
 
Joe, I really appreciate the careful instructions you posted. I've also done a lot of reading in the Spam Eating Monkey site. Does this configuration look right to you, and do you ever get a value for connections other than zero when you view your statistics at SEM? SEM user page: http://spameatingmonkey.com/geobl/userhome.html

Thanks for your help. =)

Eric
 
0
Blocking of countries seems to be working well. Thank you again to Joe and Tony and the other folks who have responded to this thread.
 
I am still getting hammered hard by spam from *.in.net:
 
dumarram.in.net
chinambe.in.net
nve9.in.net
urd9.in.net
cleonsigion.in.net
hophember.in.net
kpd8.in.net
df7t.in.net
ameryucke.in.net
nd3b.in.net
hourenry.in.net
fn3m.in.net
 
And these guys are spammers from within the US. Any ideas about how I can block these guys?
 
Thank you again for your help.
 
Eric

Reply to Thread