You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by John Rudd <jr...@ucsc.edu> on 2009/04/08 21:44:29 UTC
Slightly OT: identifying IP source locations
I know there used to be a nice convenient set of RBL's based upon
countries, such that you could easily track an IP address back to
which country it came from. But, IIRC, that RBL went under.
1) Does anyone know of a convenient command line tool (perl library
being ideal) that lets you give it an IP address, and it tells you the
country and/or continent (and that's it)?
2) similarly, does anyone know of a command line tool where you can
give it a country and/or continent, and it will generate concise IP
addresses ranges (like A.B.C.D-E.F.G.H) that have been allocated to
that country/continent? (and by "concise", I mean compacted into as
few range statements as possible, to minimize the number of lines)
(it's only slightly OT, because I plan to use this for fighting some
internal spam problems we've been having; but it wouldn't be part of
our spam assassin infrastructure)
John
Re: Slightly OT: identifying IP source locations
Posted by Benny Pedersen <me...@junc.org>.
On Wed, April 8, 2009 21:44, John Rudd wrote:
> I know there used to be a nice convenient set of RBL's based upon
> countries, such that you could easily track an IP address back to
> which country it came from. But, IIRC, that RBL went under.
http://countries.nerd.dk/
[snip]
--
http://localhost/ 100% uptime and 100% mirrored :)
Re: Slightly OT: identifying IP source locations
Posted by Bill Landry <bi...@inetmsg.com>.
John Rudd wrote:
> I know there used to be a nice convenient set of RBL's based upon
> countries, such that you could easily track an IP address back to
> which country it came from. But, IIRC, that RBL went under.
>
> 1) Does anyone know of a convenient command line tool (perl library
> being ideal) that lets you give it an IP address, and it tells you the
> country and/or continent (and that's it)?
>
> 2) similarly, does anyone know of a command line tool where you can
> give it a country and/or continent, and it will generate concise IP
> addresses ranges (like A.B.C.D-E.F.G.H) that have been allocated to
> that country/continent? (and by "concise", I mean compacted into as
> few range statements as possible, to minimize the number of lines)
>
> (it's only slightly OT, because I plan to use this for fighting some
> internal spam problems we've been having; but it wouldn't be part of
> our spam assassin infrastructure)
You might start your search here:
http://software77.net/cgi-bin/ip-country/geo-ip.pl
Bill
Re: Slightly OT: identifying IP source locations
Posted by Kai Schaetzl <ma...@conactive.com>.
John Rudd wrote on Fri, 10 Apr 2009 06:58:04 -0700:
> For the Denied feature, I have to enter them one by one (new line or
> comma separated), or in ranges like I gave above. I don't think it
> accepts CIDR blocks. Thus, the reason I want the type of list I gave.
I really cannot see a reason to do that thru the mailserver software. If
you want to block for all or many ports you simply get all the IPs of a
country you wish to block and put them in the firewall.
Kai
--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
Re: Slightly OT: identifying IP source locations
Posted by John Rudd <jr...@ucsc.edu>.
On Thu, Apr 9, 2009 at 08:31, Kai Schaetzl <ma...@conactive.com> wrote:
> John Rudd wrote on Wed, 8 Apr 2009 12:44:29 -0700:
>
>> 1) Does anyone know of a convenient command line tool (perl library
>> being ideal) that lets you give it an IP address, and it tells you the
>> country and/or continent (and that's it)?
>
> google for GeoIP.
>
>>
>> 2) similarly, does anyone know of a command line tool where you can
>> give it a country and/or continent, and it will generate concise IP
>> addresses ranges (like A.B.C.D-E.F.G.H) that have been allocated to
>> that country/continent? (and by "concise", I mean compacted into as
>> few range statements as possible, to minimize the number of lines)
>
> You want to block by country? milter-greylist has GeoIP support built-in
> and allows to black/grey/whitelist on country.
>
We use CommuniGate Pro, which has a "Denied IP Addresses" feature,
which rejects connections on ALL ports. This differs from their DNSBL
support (called "Blackholed IP Addresses"), in that the Blackhole
feature only rejects email messages. The Denied IP Address feature
also affects connection attempts to IMAP, POP, WebMail, and CGP's
other features/services. So it's more comprehensive.
(and, it is unfortunately necessary, but I wont go into details here ... )
Unfortunately, it doesn't support DNSBL's for use in the Denied IP
Address feature. So I can't just say "ng.countries.blackholes.us" and
have it work. I can do that for their "Blackhole" feature, but not
for the "Denied" feature.
For the Denied feature, I have to enter them one by one (new line or
comma separated), or in ranges like I gave above. I don't think it
accepts CIDR blocks. Thus, the reason I want the type of list I gave.
Luckily, I was wrong about countries.blackholes.us ... they are up and
running. And their rbldnsd data is in cidr blocks, so I'll probably
convert that to ranges. Now I just have to convince the management
here that it's worth doing.
Re: Slightly OT: identifying IP source locations
Posted by Kai Schaetzl <ma...@conactive.com>.
John Rudd wrote on Wed, 8 Apr 2009 12:44:29 -0700:
> 1) Does anyone know of a convenient command line tool (perl library
> being ideal) that lets you give it an IP address, and it tells you the
> country and/or continent (and that's it)?
google for GeoIP.
>
> 2) similarly, does anyone know of a command line tool where you can
> give it a country and/or continent, and it will generate concise IP
> addresses ranges (like A.B.C.D-E.F.G.H) that have been allocated to
> that country/continent? (and by "concise", I mean compacted into as
> few range statements as possible, to minimize the number of lines)
You want to block by country? milter-greylist has GeoIP support built-in
and allows to black/grey/whitelist on country.
Kai
--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
Re: Slightly OT: identifying IP source locations
Posted by Karsten Bräckelmann <gu...@rudersport.de>.
On Wed, 2009-04-08 at 13:00 -0700, Bill Landry wrote:
> John Rudd wrote:
> > I know there used to be a nice convenient set of RBL's based upon
> > countries, such that you could easily track an IP address back to
> > which country it came from. But, IIRC, that RBL went under.
> > (it's only slightly OT, because I plan to use this for fighting some
> > internal spam problems we've been having; but it wouldn't be part of
> > our spam assassin infrastructure)
>
> There is also the RelayCountry plugin (requires the IP::Country::Fast
> perl module). From the SpamAssassin INSTALL file:
>
> - IP::Country::Fast (from CPAN)
>
> Used by the RelayCountry plugin (not enabled by default) to
> determine the domain country codes of each relay in the path
> of an email.
Yup, this one came up recently. Creating rules against the Relay-Country
header is trivial. Unfortunately, the POD [1] is rather sparse on
information. The wiki [2] shows some much better docs.
[1] http://spamassassin.apache.org/full/3.2.x/doc/Mail_SpamAssassin_Plugin_RelayCountry.html
[2] http://wiki.apache.org/spamassassin/RelayCountryPlugin
--
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
Re: Slightly OT: identifying IP source locations
Posted by Bill Landry <bi...@inetmsg.com>.
John Rudd wrote:
> I know there used to be a nice convenient set of RBL's based upon
> countries, such that you could easily track an IP address back to
> which country it came from. But, IIRC, that RBL went under.
>
> 1) Does anyone know of a convenient command line tool (perl library
> being ideal) that lets you give it an IP address, and it tells you the
> country and/or continent (and that's it)?
>
> 2) similarly, does anyone know of a command line tool where you can
> give it a country and/or continent, and it will generate concise IP
> addresses ranges (like A.B.C.D-E.F.G.H) that have been allocated to
> that country/continent? (and by "concise", I mean compacted into as
> few range statements as possible, to minimize the number of lines)
>
> (it's only slightly OT, because I plan to use this for fighting some
> internal spam problems we've been having; but it wouldn't be part of
> our spam assassin infrastructure)
There is also the RelayCountry plugin (requires the IP::Country::Fast
perl module). From the SpamAssassin INSTALL file:
- IP::Country::Fast (from CPAN)
Used by the RelayCountry plugin (not enabled by default) to
determine the domain country codes of each relay in the path
of an email.
You might also consider the URICountry plugin.
Bill