[Phpwm] Software Patents Petition

Phil Beynon phil at infolinkelectronics.co.uk
Thu Jan 4 16:45:11 GMT 2007


> The thread about selectively blocking emails by region is interesting.
> Can you give a guide to sources of information about how IP addresses
> are structured so we can pick our black list as well. (Let's call that a
> block list so as not to create any incorrect impressions!)
> alan dunn
>

It would be great if I could find a definitive list of IP addresses and the
countries they related to, I'd have a field day with that data!
What I do is go through the emails that I receive I don't want, plus some
from spam traps on customers sites and extract the IP addresses from the
headers, forget about the email return path address, it will be spoofed -
its a waste of time blocking those.
If I then want to determine the location I use a program called Neotrace,
which tracks a path back to the sending IP - based upon this data I then
decide what happens to that IP address.
I've a feeling that neotrace might not be available anymore, I've had it a
while and I recall that the company that did it might have been taken over
by Symantec - but I dont think they subsequently released it under their own
auspices.

A reject list might be the best name for it, as the emails still reach the
server but dont get to the users.
One thing to do though is when you have the IP address that you want to
reject put the rejection message in the /etc/mail/access file in capitals,
that way you can do 'grep -c REJECT /var/maillog'.
This will come back with a pattern match as to how many instances of REJECT
have been seen in the maillog file since it last rotated, giving feedback to
how effective your blocking strategy is.

Phil




More information about the Phpwm mailing list