blocking IPs to reduce spam

Discussion in 'Networking & Security' started by Fark_Maniac, Jul 9, 2009.

  1. Fark_Maniac

    Fark_Maniac 2[H]4U

    Messages:
    2,438
    Joined:
    Feb 21, 2002
    I'm working on a personal project to block all countries except the US and England. I've seen warnings a few times stating that it isn't a good idea to block entire countries to reduce spam...but they never say why it is a bad idea. In my case, I run a personal mail server and only interact with the US and England...nowhere else.

    I don't see why this is a bad idea in my case.
     
  2. XOR != OR

    XOR != OR [H]ardForum Junkie

    Messages:
    11,549
    Joined:
    Jun 17, 2003
    It isn't. Not really. You do run the risk, in extreme cases, that some of the main providers having IPs in foreign countries which would be blocked by your setup. But honestly, I've never run in to that.
     
  3. xphil3

    xphil3 [H]ard|Gawd

    Messages:
    1,212
    Joined:
    Nov 11, 2005
    sounds like a good idea to me. Do it up.
     
  4. Fark_Maniac

    Fark_Maniac 2[H]4U

    Messages:
    2,438
    Joined:
    Feb 21, 2002
    heh, this'll take a while...lots of ranges to block. I have all the IP ranges for the US and England...I've got them combined and sorted, now I need to go through all the lines and figure out what ranges to block.
     
  5. Xipher

    Xipher 2[H]4U

    Messages:
    2,621
    Joined:
    Mar 15, 2004
    Keep in mind that address ranges are allocated to a specific entity, really based on country. While entity the address space is allocated to is originating from one country, they may use address space else where outside of that region.
     
  6. xphil3

    xphil3 [H]ard|Gawd

    Messages:
    1,212
    Joined:
    Nov 11, 2005
    Why not block everything and only allow what you already know(since you already did the leg work and found the ranges of the US and England). If this is on a Cisco(I have the problem of always assuming this :D) then its CAAAAAAAKE. GL man.
    http://www.ipaddresslocation.org/ip_ranges/get_ranges.php
    I remember seeing this awhile back, granted you're right about ranges being registered to entities but I think his idea will probably help out with a good amount of "trash".
     
    Last edited: Jul 9, 2009
  7. MrGuvernment

    MrGuvernment [H]ard as it Gets

    Messages:
    19,169
    Joined:
    Aug 3, 2004
    What software are you running for a mail server, or is this for your personal email account?
     
  8. Xipher

    Xipher 2[H]4U

    Messages:
    2,621
    Joined:
    Mar 15, 2004
    Yea, I'm not saying it's a bad idea I'm just wanting to make sure the op is informed about what he is doing. I personally blacklist china and korea using the lists from http://www.openbsd.org/spamd/
     
  9. Fark_Maniac

    Fark_Maniac 2[H]4U

    Messages:
    2,438
    Joined:
    Feb 21, 2002
    originally, that's how I thought about doing it...but I'm really going to have to learn how IPTABLES work. I intend on doing this to two environments. One is my domain that I host on my residential line. Firewall is a WRT54G running DDWRT; blocking will have to be done using IPTABLES as the gui will not let you block by IPs. Second environment is a colo'd tower server I built for a local non-profit that is protected by a WatchGuard X10e firewall appliance...they don't need to be dealing with foreign connections either. There, I just copy/paste the IP ranges to block in CIDR format into the config file (following their syntax) and done and simple. In both environments, the OS is XP and the software is HMail. It is pretty nice software and does a really good job blocking most spam. This software combo is setup because I need an environment that is standard for me and easy to work with.
     
  10. MrGuvernment

    MrGuvernment [H]ard as it Gets

    Messages:
    19,169
    Joined:
    Aug 3, 2004
    i was thinking cauxe Exchange has GFI mail tools, and you can choose countries to block, top level domains and so on, makes it dam easy to block %99 of spam in Exchange.
     
  11. Fark_Maniac

    Fark_Maniac 2[H]4U

    Messages:
    2,438
    Joined:
    Feb 21, 2002
    :) yeah, that would be nice...
     
  12. xtox

    xtox Limp Gawd

    Messages:
    242
    Joined:
    Jul 8, 2004
    What if someone is mailing away on vacation?

    I have always heard of people blocking countries IP ranges but I think it's a stupid idea!
     
  13. Toytown

    Toytown Gawd

    Messages:
    996
    Joined:
    Jan 13, 2005
    I used to do it on our companies mail server, i also used to block all email from .info/.biz domains, it reduced the spam quite a lot. Another way to reduce a lot of spam is to simply add all of comcast/atts dynamic ip range and whitelist there mailservers.

    However the best way might be to simply add the ips's to whatever spamfilters you have, so instead of getting them blocked outright you have them all drop into the spamfolder, this will at least give your users a chance to get the good emails.
     
  14. Fark_Maniac

    Fark_Maniac 2[H]4U

    Messages:
    2,438
    Joined:
    Feb 21, 2002
    If you are away on vacation...and use either your company account, your yahoo/gmail/hotmail or any other web-based accounts, then the mail will still originate from a mail server with an allowed IP...so long as the web based access isn't hosted on the server behind the firewall. That would only affect me and I don't get out of the country that often.
     
  15. xphil3

    xphil3 [H]ard|Gawd

    Messages:
    1,212
    Joined:
    Nov 11, 2005
    Also keep in mind that if that country has any kind of presence(mail server wise) in another country(think gmail servers) they're going to use the closest server to route the mail out of as per their routing design. xtox did bring up a valid point but made himself look like an idiot with his next comment. Kids these days...
     
  16. Stanley Pain

    Stanley Pain 2[H]4U

    Messages:
    2,386
    Joined:
    Apr 5, 2001
  17. killab33

    killab33 Limp Gawd

    Messages:
    345
    Joined:
    Jul 10, 2009
    supposidly the only way you can get spam is releasing your email to places that you don't even know of. sometimes you gotta watch those sites cause they'll take your email add it to the listing and INSTANTANEOUS SPAM.

    spam filters :/