Print Page | Close Window

How to allow IP range?

Printed From: LogSat Software
Category: Spam Filter ISP
Forum Name: Spam Filter ISP Support
Forum Description: General support for Spam Filter ISP
URL: http://www.logsat.com/spamfilter/forums/forum_posts.asp?TID=820
Printed Date: 20 July 2018 at 5:05am


Topic: How to allow IP range?
Posted By: Guests
Subject: How to allow IP range?
Date Posted: 06 June 2003 at 12:54pm

What format does an IP range or subnet need to take in the Excluded IP whitelist?

I want to included Excluded Domains for certain domains we want unfiltered, but often these domain names are spoofed by spammers, so I would like to exclude them by IP address range instead.




Replies:
Posted By: LogSat
Date Posted: 06 June 2003 at 1:03pm

Alan,

A simple DOS-like wildcard entry will do the job. For ex. to exclude the Class C 1.2.3.1-1.2.3.255 just add:

1.2.3.*

so any IP starting with 1.2.3. will trigger a match.

Roberto Franceschetti
LogSat Software



Posted By: Guests
Date Posted: 06 June 2003 at 3:57pm

But I only want a specific range of addressing.

for instance how would I enter a range like xxx.yyy.13.121 to xxx.yyy.13.126?

 



Posted By: LogSat
Date Posted: 06 June 2003 at 5:00pm

The domain/IP whitelist is treated as a string, so only string-type wildcards are allowed. It is not possible to enter IP ranges. This was by design, as it's rather unusual having to allow specific IPs but not adjacent ones in the same subnet, and designing the functionality as we did optimized our lookups a little bit.

Roberto F.
LogSat Software



Posted By: Guests
Date Posted: 07 June 2003 at 12:38am
This is something that could be done at the router with the access control list. You would have better control. The only drawback is any messages that come from the blocked IP's would not be quarantined since the connection would not be allowed past the router. If you don't have access to the router you would have the have your provider do it for you.


Posted By: Desperado
Date Posted: 07 June 2003 at 1:14am

Geroge,

Most, if not all backbone providers have a policy that won't allow them to block SOURCE addresses, only DESTINATION address.  This is to prevent possible liability suits.  This is even true in the case of a DOS attack.  The provider will prevent ANY traffic to the IP or IP's on YOUR network.  They also tend to schedule a "release" ot the block.  I know of no providers that will actualy block an IP just for port 25.  It would be to "costly" for them due to the large number of customers.  I think your first choice of putting a block in HIS router is the corect answer and if the address is actually being spoofed, the block may not work anyway.  We try to keem ACL's at a minimum on all our routers due to the high overhead.  Prefix lists are somewhat easier to manage but still, I thin the block should be at the SMTP server itself.

The only other answer it to hunt down and seriously wound any and all Spammers and hackers.  I get tired of fighting jerks all the time.  Thats another discussion.

Dan S.



Posted By: Guests
Date Posted: 07 June 2003 at 1:37am

Hmmm,
I guess I'm lucky since I have had my upstream provider block IP address's when needed and ports 135,137 ,139 and 445. I guess it depends on who you know. ;)



Posted By: Guests
Date Posted: 09 June 2003 at 12:52pm
George i am not trying to block IP ranges, I am looking at a way to allow certain IP ranges to bypass filtering.  Right now it appears the only way is to manually enter all the IP's in thet IP range.



Print Page | Close Window