
Re: [cobalt-users] RaQ4i Block entire country from SMTP - How?



On Thu, 7 Feb 2002, Wayne Sagar wrote:

> I've tried several methods to accomplish this. I thought just putting in .kr 
> on the GUI in the reject list would block all incoming mail from Korea but 
> it doesn't work.

Nope, it can't do a whole tld ;P

> 
> If I wanted to block that entire extension (I get hundreds of emails to the 
> server daily, all spam from various .kr domains or something.something.kr)

But there's also lots of net/com's in .kr, where most of it is really
coming from is kornet, use apnic, it's a great tool :)

> 
> Any clues? I don't want to block the entire asia pacific net block because 
> we do get legit mail from some asian countries.. just not Korea..

They are number 2 behind china ;P

anyhow, here's kornet's block lists from apnic, this will stop maybe 80%,
most of those machines are open relays btw

You will need to reformat as /c blocks, the only thing sendmail
understands

APNIC-KORNET [korea telecom - services]
211.226.0.0 - 211.231.255.255
61.72.0.0 - 61.77.255.255
211.216.0.0 - 211.225.255.255
218.144.0.0 - 218.159.255.255

kornet's main outbound relay servers are in the 211.48.62. block, that
will help if you don't want to list everything, unfortunately, kornet,
instead of fixing their servers, now appears to be shielding them from
the open relay lists


the 61* block seems to be relay input very often, it's probably dialup

Unfortunately, a lot of what's being relayed in from .kr address space is
in fact originating in .jp, .uk, .au, and especially, the us, sigh

Please understand that you can NOT completely eliminate blocking related
asia pacific countries when blocking this address range, there are cross
peering routes in these blocks.

Other blocks in .kr

KRNIC
202.30.0.0 - 202.31.255.255   [kr whois is in here, never seen spam]

[The rest of these don't necessarily belong to krnic, they are just
unregistered with apnic, krnic may know whose they are, but no one else
does ;P][no, i'm not gonna look them all up, see note about cross peering]


Still wanna list all .kr ?

PS: The 'holes' in the above list are mostly .jp

FWIW, some of the stuff that appears to come from .kr is in fact
faking it ;P

For example this isn't from .kr

Received: from ssymail.ssy.co.kr ([88.175.91.144])
[It's a reserved IP block ;P]

Last but not least, any attempt to block by domain name isn't going to work
well, nearly all of .kr's address space has faulty reverse dns, I've had
traceroutes go through 15 hops without finding a single named IP :(

The information in this post reflects my personal views and is not the
responsibility of, or in any way endorsed by sun/cobalt

gsh
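
The reformatting step mentioned in the post, as an added example that is not part of the original message: it turns `first - last` ranges into keys for a sendmail access map. It assumes the access map matches on whole-octet prefixes (`a.b` or `a.b.c`) with the `REJECT` action, and it goes beyond /24 by emitting one `a.b` key wherever a range covers a full /16; the last sample range is constructed.

```python
import ipaddress

# KORNET ranges as quoted in the post, plus one constructed range
# (198.18.0.0/15 is reserved benchmarking space) that ends mid-/16.
SAMPLE = """\
211.226.0.0 - 211.231.255.255
61.72.0.0 - 61.77.255.255
211.216.0.0 - 211.225.255.255
218.144.0.0 - 218.159.255.255
198.18.0.0 - 198.19.223.255   [constructed example]
"""

def range_to_keys(line):
    """Convert 'first - last' into octet-aligned access-map keys."""
    spec = line.split("[", 1)[0]            # drop a trailing [annotation]
    first, last = (ipaddress.IPv4Address(p.strip()) for p in spec.split("-"))
    keys = []
    for net in ipaddress.summarize_address_range(first, last):
        # Round the prefix length up to the next octet boundary, because
        # the access map matches whole octets only, not arbitrary CIDR.
        bits = next(b for b in (8, 16, 24, 32) if net.prefixlen <= b)
        for sub in net.subnets(new_prefix=bits):
            octets = str(sub.network_address).split(".")
            keys.append(".".join(octets[: bits // 8]))
    return keys

def access_entries(text, action="REJECT"):
    """Return sorted, de-duplicated access-file lines for every range in text."""
    keys = set()
    for line in text.splitlines():
        if line.strip():
            keys.update(range_to_keys(line))
    ordered = sorted(keys, key=lambda k: [int(o) for o in k.split(".")])
    return [f"{k}\t{action}" for k in ordered]

if __name__ == "__main__":
    print("\n".join(access_entries(SAMPLE)))
```

A range that does not end on a /24 boundary falls back to individual host addresses, so the output never blocks more than the range that was given.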