Spam Filter ISP Support - Blacklisted IP Addresses

Print Page | Close Window

Blacklisted IP Addresses

Printed From: LogSat Software
Category: Spam Filter ISP
Forum Name: Spam Filter ISP Support
Forum Description: General support for Spam Filter ISP
URL: https://www.logsat.com/spamfilter/forums/forum_posts.asp?TID=5220
Printed Date: 31 July 2025 at 4:54pm

Topic: Blacklisted IP Addresses

Posted By: Guests
Subject: Blacklisted IP Addresses
Date Posted: 08 June 2005 at 9:31pm

I may not be understanding this, but I understand that I can block a full C Class of IP addresses by using a "0" as a wildcard at the end(e.g. 200.30.54.0). Is there a way to block a larger block of IP addresses?

An example is I want to block all of Latin America (200.0.0.0 - 200.255.255.255) but I don't want to have to type every C class in my blacklist. I also have already used the country blacklist to block "Mexico", but the spam keeps flowing and the filter doesn't decipher that it's from Mexico and quarantine it. I'm wondering if the wildcard of 200.0.0.0 would work. But at the same time, sometimes I only want to block a group of 4096 hosts, etc.

Any help would be appreciated,

-Dave

Replies:

Posted By: Desperado
Date Posted: 09 June 2005 at 11:51am

Dave,

Your question has been discussed before but the short answer is NO. The problem is that a zero is valid in the second and third octet of an IP address so that 66.66.0.0 will block addresses from 66.66.0.0.to 66.66.0.255.

Regards,

-------------
The Desperado
Dan Seligmann.
Work: http://www.mags.net
Personal: http://www.desperado.com

Posted By: Guests
Date Posted: 09 June 2005 at 5:14pm

Hey Dan,

Thanks for the info. Thats what I was afraid of. Better get busy. Perhaps Logsat can add this to the "wish list" This feature is standard in most enterprise email server software, so I would think that the range could be supported here as well.

Thanks again,

-Dave

Posted By: jacksun
Date Posted: 12 June 2005 at 2:14pm

What about the ability to block a class of addresses using CIDR. Just put in 200.0.0.0/8 which would block the 200.X.X.X class A address block?

One could then become much more granular with this such as using /27 or /31 etc etc?

Wayne

Posted By: Desperado
Date Posted: 12 June 2005 at 2:18pm

CIDR's has been discussed in the forum before and I do not believe it is in the cards for the near future.

Regards,

-------------
The Desperado
Dan Seligmann.
Work: http://www.mags.net
Personal: http://www.desperado.com

Posted By: LogSat
Date Posted: 12 June 2005 at 2:51pm

Due to the way SpamFilter performs checks against blacklisted IPs, CIDRs are not available, and probably will not in the future. For speed all blacklisted IP tests are performed with string matches. As some of these lists can be several MB in size, performance is of outmost importance. Implementing CIDRs in addition to the current string searches will cause too much performance loss, thus for now it is not available.

-------------
Roberto Franceschetti

http://www.logsat.com" rel="nofollow - LogSat Software

http://www.logsat.com/sfi-spam-filter.asp" rel="nofollow - Spam Filter ISP

Print Page | Close Window