[lug] Blocking spam by blocking partial IP
D. Stimits
stimits at comcast.net
Mon May 9 12:29:03 MDT 2005
Bill Thoen wrote:
> I have been getting about 200 spams a day, and finally decided to simply
> block the two worst offenders by putting their partial IP's in my
> /etc/mail/access file like so:
>
> 218.1 REJECT
> 222 REJECT
>
> This worked great. Last night's log showed lots and lots of messages
> from these turkeys that got turned back at the door.
>
> However, I'm a bit concerned about blocking everything from IPs that start
> with 222. When I check with whois, I can't get any details on who is
> assigned to any of the subnets under 222. I don't mind blockng anybody
> from China or Korea, but I don't want to block Japanese or Australian
> email.
>
> Is there any way to discover any more details on the 222 IP other than
> it's managed by APNIC?
I always find it to be a big pain that there is no integrated lookup
facility, that there are so many places I have to look to get an answer.
The closest I've found is APNIC's map of who to look for in different
parts of the world:
http://www.apnic.net/info/faq/abuse/index.html#3
If you put your mouse over the map, you'll see it links to all of the
different primary DNS providers around the world. The list you'll be
interested in:
http://www.ripe.net/perl/whois
http://www.apnic.net/index.html
http://www.arin.net/whois/index.html
http://lacnic.net/cgi-bin/lacnic/whois
D. Stimits, stimits AT comcast DOT net
More information about the LUG
mailing list