Hmmm,
I guess I'm lucky since I have had my upstream provider block IP address's when needed and ports 135,137 ,139 and 445. I guess it depends on who you know. ;)

Geroge,

Most, if not all backbone providers have a policy that won't allow them to block SOURCE addresses, only DESTINATION address.  This is to prevent possible liability suits.  This is even true in the case of a DOS attack.  The provider will prevent ANY traffic to the IP or IP's on YOUR network.  They also tend to schedule a "release" ot the block.  I know of no providers that will actualy block an IP just for port 25.  It would be to "costly" for them due to the large number of customers.  I think your first choice of putting a block in HIS router is the corect answer and if the address is actually being spoofed, the block may not work anyway.  We try to keem ACL's at a minimum on all our routers due to the high overhead.  Prefix lists are somewhat easier to manage but still, I thin the block should be at the SMTP server itself.

The only other answer it to hunt down and seriously wound any and all Spammers and hackers.  I get tired of fighting jerks all the time.  Thats another discussion.

Dan S.

The domain/IP whitelist is treated as a string, so only string-type wildcards are allowed. It is not possible to enter IP ranges. This was by design, as it's rather unusual having to allow specific IPs but not adjacent ones in the same subnet, and designing the functionality as we did optimized our lookups a little bit.

Roberto F.
LogSat Software

But I only want a specific range of addressing.

for instance how would I enter a range like xxx.yyy.13.121 to xxx.yyy.13.126?

Alan,

A simple DOS-like wildcard entry will do the job. For ex. to exclude the Class C 1.2.3.1-1.2.3.255 just add:

1.2.3.*

so any IP starting with 1.2.3. will trigger a match.

Roberto Franceschetti
LogSat Software

What format does an IP range or subnet need to take in the Excluded IP whitelist?

I want to included Excluded Domains for certain domains we want unfiltered, but often these domain names are spoofed by spammers, so I would like to exclude them by IP address range instead.