Spam Filter ISP Support - Format of the IP blacklist

Print Page | Close Window

Format of the IP blacklist

Printed From: LogSat Software
Category: Spam Filter ISP
Forum Name: Spam Filter ISP Support
Forum Description: General support for Spam Filter ISP
URL: https://www.logsat.com/spamfilter/forums/forum_posts.asp?TID=5074
Printed Date: 26 December 2024 at 8:17pm

Topic: Format of the IP blacklist

Posted By: Cire
Subject: Format of the IP blacklist
Date Posted: 24 February 2005 at 4:34pm

Is it possible to enter IP ranges in the IP blacklist? For example, if I want to block 218.237.0.0-218.239.255.255 how would it be entered?

Thanx - Cire

Replies:

Posted By: LogSat
Date Posted: 24 February 2005 at 6:20pm

Cire,

Ranges cannot be entered as the blacklist are expecting strings and string wildcards. In your example you will need to enter 3 entries:

218.237.0.0
218.238.0.0
218.239.0.0

to block all 3 subnets.

-------------
Roberto Franceschetti

http://www.logsat.com" rel="nofollow - LogSat Software

http://www.logsat.com/sfi-spam-filter.asp" rel="nofollow - Spam Filter ISP

Posted By: Cire
Date Posted: 25 February 2005 at 9:33am

So, just to make sure I understand this completely. A 0 is a wildcard? So, 218.237.0.0 means to block 218.237.0.0/16, correct? This method seems to me to have some problems. What if you wanted to block was 218.237.0.0/24?

Thanx - Cire

Posted By: LogSat
Date Posted: 25 February 2005 at 3:35pm

You are right, that would be a problem, as the whole 218.237.xx.xx network would be blocked by entering 218.237.0.0.

We won't be able to change this behavior as doing so would "break" all the IP lists being used by users. An option may be to just limit the wildcard to a class C pool of addresses, thus considering only the last zero as a wildcard.

We'll be thinking this over and maybe run a poll for our users to see what the preference would be.

-------------
Roberto Franceschetti

http://www.logsat.com" rel="nofollow - LogSat Software

http://www.logsat.com/sfi-spam-filter.asp" rel="nofollow - Spam Filter ISP

Posted By: pcmatt
Date Posted: 27 February 2005 at 11:34pm

There are problems with any one method of blocking or whitelisting, that's why SpamFilter gives us the variety of blocking and whitelisting capabilities.

The answer to how do you block 218.237.0.0/24 is that you list 254 IP's. Rarely a necessity. It's more likely that you would want to block 218.237.0.0 and whitelist 218.237.0.* which the program handles just fine as is.

So, my vote is that it's useful to be able to block using two wildcards.

My vote is to leave it as is having a global available for the last two bytes until SpamFilter can calculate the IP's in memory and we can list subnets in simpliest format using IP/Mask in the blocklist like http://openrbl.org/whois?i=82.154.0.0&f=2 - 82.154.0.0 /15 for the range http://openrbl.org/whois?i=82.155.0.0&f=2 - 82.155.0.0 - 82.155.127.255

-------------
-Matt R

Posted By: Desperado
Date Posted: 28 February 2005 at 12:58am

For what it is worth, my vote is to run your own dnsbl list as we do. That gives you the ability to block what and only what you want to block.

Dan S.

-------------
The Desperado
Dan Seligmann.
Work: http://www.mags.net
Personal: http://www.desperado.com

Posted By: Cire
Date Posted: 28 February 2005 at 9:12am

Dan,

How did you implement your own dnsbl?

Thanx - Cire

Posted By: Desperado
Date Posted: 28 February 2005 at 4:32pm

Cire,

First of all, it really depends on what OS you are using for DNS BUT ...

The first thing you will want to do is create a "Delegation" to the DNS Server that will be hosting the DNSBL zones.   So, in my setup, the dnsbl is hosted on "resolver.mags.net" and mags.net is hosted on several dns servers but the Primary DNS is on "ns1.mags.net".   In the "mags.net" zone file on that server I have:

; Delegated sub-zone: dnsbl.mags.net.
;
dnsbl    NS    resolver.mags.net.
; End delegation

On the server "resolver.mags.net, I have a Forward zone file "dnsbl.mags.net"

If I want to block 100.50.25.10 I have an entry in the zone file of:
10.25.50.100    A    127.0.0.2

If I want to block 100.50.25.0/24 I have:
*.25.50.100 A 127.0.0.2

Does this help?

Regards,
Dan S.

-------------
The Desperado
Dan Seligmann.
Work: http://www.mags.net
Personal: http://www.desperado.com

Print Page | Close Window