Spam Filter ISP Support Forum

  New Posts New Posts RSS Feed - How to allow IP range?
  FAQ FAQ  Forum Search   Register Register  Login Login

How to allow IP range?

 Post Reply Post Reply
Author
Alan View Drop Down
Guest Group
Guest Group
Post Options Post Options   Thanks (0) Thanks(0)   Quote Alan Quote  Post ReplyReply Direct Link To This Post Topic: How to allow IP range?
    Posted: 06 June 2003 at 12:54pm

What format does an IP range or subnet need to take in the Excluded IP whitelist?

I want to included Excluded Domains for certain domains we want unfiltered, but often these domain names are spoofed by spammers, so I would like to exclude them by IP address range instead.

Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4104
Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 06 June 2003 at 1:03pm

Alan,

A simple DOS-like wildcard entry will do the job. For ex. to exclude the Class C 1.2.3.1-1.2.3.255 just add:

1.2.3.*

so any IP starting with 1.2.3. will trigger a match.

Roberto Franceschetti
LogSat Software

Back to Top
Alan View Drop Down
Guest Group
Guest Group
Post Options Post Options   Thanks (0) Thanks(0)   Quote Alan Quote  Post ReplyReply Direct Link To This Post Posted: 06 June 2003 at 3:57pm

But I only want a specific range of addressing.

for instance how would I enter a range like xxx.yyy.13.121 to xxx.yyy.13.126?

 

Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4104
Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 06 June 2003 at 5:00pm

The domain/IP whitelist is treated as a string, so only string-type wildcards are allowed. It is not possible to enter IP ranges. This was by design, as it's rather unusual having to allow specific IPs but not adjacent ones in the same subnet, and designing the functionality as we did optimized our lookups a little bit.

Roberto F.
LogSat Software

Back to Top
George View Drop Down
Guest Group
Guest Group
Post Options Post Options   Thanks (0) Thanks(0)   Quote George Quote  Post ReplyReply Direct Link To This Post Posted: 07 June 2003 at 12:38am
This is something that could be done at the router with the access control list. You would have better control. The only drawback is any messages that come from the blocked IP's would not be quarantined since the connection would not be allowed past the router. If you don't have access to the router you would have the have your provider do it for you.
Back to Top
Desperado View Drop Down
Senior Member
Senior Member
Avatar

Joined: 27 January 2005
Location: United States
Status: Offline
Points: 1143
Post Options Post Options   Thanks (0) Thanks(0)   Quote Desperado Quote  Post ReplyReply Direct Link To This Post Posted: 07 June 2003 at 1:14am

Geroge,

Most, if not all backbone providers have a policy that won't allow them to block SOURCE addresses, only DESTINATION address.  This is to prevent possible liability suits.  This is even true in the case of a DOS attack.  The provider will prevent ANY traffic to the IP or IP's on YOUR network.  They also tend to schedule a "release" ot the block.  I know of no providers that will actualy block an IP just for port 25.  It would be to "costly" for them due to the large number of customers.  I think your first choice of putting a block in HIS router is the corect answer and if the address is actually being spoofed, the block may not work anyway.  We try to keem ACL's at a minimum on all our routers due to the high overhead.  Prefix lists are somewhat easier to manage but still, I thin the block should be at the SMTP server itself.

The only other answer it to hunt down and seriously wound any and all Spammers and hackers.  I get tired of fighting jerks all the time.  Thats another discussion.

Dan S.

Back to Top
George View Drop Down
Guest Group
Guest Group
Post Options Post Options   Thanks (0) Thanks(0)   Quote George Quote  Post ReplyReply Direct Link To This Post Posted: 07 June 2003 at 1:37am

Hmmm,
I guess I'm lucky since I have had my upstream provider block IP address's when needed and ports 135,137 ,139 and 445. I guess it depends on who you know. ;)

Back to Top
Alan View Drop Down
Guest Group
Guest Group
Post Options Post Options   Thanks (0) Thanks(0)   Quote Alan Quote  Post ReplyReply Direct Link To This Post Posted: 09 June 2003 at 12:52pm
George i am not trying to block IP ranges, I am looking at a way to allow certain IP ranges to bypass filtering.  Right now it appears the only way is to manually enter all the IP's in thet IP range.
Back to Top
 Post Reply Post Reply
  Share Topic   

Forum Jump Forum Permissions View Drop Down



This page was generated in 0.254 seconds.