Hacking GeoIP.dat
Printed From: LogSat Software
Category: Spam Filter ISP
Forum Name: Spam Filter ISP Support
Forum Description: General support for Spam Filter ISP
URL: https://www.logsat.com/spamfilter/forums/forum_posts.asp?TID=5720
Printed Date: 31 July 2025 at 11:16am
Topic: Hacking GeoIP.dat
Posted By: sgeorge
Subject: Hacking GeoIP.dat
Date Posted: 18 July 2006 at 11:37am
I have a very odd request. I would like to have my own country (wouldn't we all!).  Actually, I just want SpamFilter to think that I have my own country - I want to add a custom entry into the country filter blacklist. I want this pseudo-country to supposedly have every i.p. address on the internet, minus one, let's call it 123.123.123.123. By blacklisting this "country" and turning on the country filter for only one of my domains, I can effectively make it so that that domain only accepts email from a single sending i.p. address, while my other domains can rely on the more conventionally used IP Blacklist.Is this possible? Does anyone know how to mess with the i.p. -> country mapping file, GeoIP.dat? Thanks for putting up with my weirdness.  Stephen |
Replies:
Posted By: StevenJohns
Date Posted: 31 August 2006 at 5:43am
|
answering a question with a question !!!! Does the keyword filtering check the headers as well??? If so, could you write a regex that checks the recieving domain and also checks that the email was recieved from the IP in question? Again, I dont know if the keyword searches the headers, and I dont know how to write regex, but maybe it could be done. just a thought. |
Posted By: LogSat
Date Posted: 31 August 2006 at 8:09am
|
To answer the headers question, only the "Received:" headers are scanned. We were seing way too many false positives by scanning all other headers...
------------- Roberto Franceschetti http://www.logsat.com" rel="nofollow - LogSat Software http://www.logsat.com/sfi-spam-filter.asp" rel="nofollow - Spam Filter ISP |
Posted By: StevenJohns
Date Posted: 31 August 2006 at 9:38am
| Does that suggest that the keyword filter wouldn't know what the recieving domain is ?? |
Posted By: LogSat
Date Posted: 31 August 2006 at 3:51pm
|
Correct. The keyword filter just scans the email body and subject for keywords. Other filters who act on the recipient will know what the receiving domain is.
------------- Roberto Franceschetti http://www.logsat.com" rel="nofollow - LogSat Software http://www.logsat.com/sfi-spam-filter.asp" rel="nofollow - Spam Filter ISP |
Posted By: StevenJohns
Date Posted: 01 September 2006 at 5:30am
| err, ok..."other filters"....please elaborate. |
Posted By: LogSat
Date Posted: 01 September 2006 at 10:27am
|
I'm not sure what you're asking... For example the whitelist "Email FROM" filter looks at the recipient to see it's domain. The County blacklist filter doesn't care about the recipient's domain, so it will not look at it. Filters that look incontent, like the keywords, SURBL, and Bayesian filters, do not look at neither senders nor recipients. Each filter acts upon something. Sometimes it's the sender's domain. Sometime it's the sender's IP. Sometime it's the recipient's email, etc. ------------- Roberto Franceschetti http://www.logsat.com" rel="nofollow - LogSat Software http://www.logsat.com/sfi-spam-filter.asp" rel="nofollow - Spam Filter ISP |