Filtering (or scoring) messages by IP country

ObiWan
Senior user
Posts: 278
Joined: 2010-07-21 14:30
Location: Halfway between Germany and Egypt

Filtering (or scoring) messages by IP country

Post by ObiWan » 2010-07-22 10:42

Sometimes you may want to either block or increase the spamscore
of a message coming from a given country; for example, if you have
no business with country "XYZ" and only receive junk email from it,
you may want to reject all messages coming from IPs belonging to
that country (I'm not recommending it, but you may want to do it
in some cases), or you may want to increase the spamscore for
messages coming from some given countries to drop junk coming
from them while still getting legit emails.

To do so you won't even need to use a script; the idea is to use
the DNS lists found here; those lists allow you to detect if a given
IP belongs to a certain country (but also which country a given IP
belongs to). Using those lists in hMailServer is pretty straightforward.
Let's say you want to increase the spamscore for IPs located in
Korea, China and India (I've nothing against those countries, just
using the above as an example).

All you'll need to do is add three DNSBLs to your hMailServer
configuration, namely kr.countries.nerd.dk, cn.countries.nerd.dk and
in.countries.nerd.dk, setting the desired spamscore for each one and
setting the return addresses to "127.0.0.2".

At this point, whenever hMailServer gets a connection it will check
the receiving IP against the blacklists and, in case one of the "country
lists" (they aren't blacklists) matches, the score for the incoming
email will be increased.

HTH

^DooM^
Site Admin
Posts: 13861
Joined: 2005-07-29 16:18
Location: UK

Re: Filtering (or scoring) messages by IP country

Post by ^DooM^ » 2010-07-22 11:58

That's a more elegant way than using the geoip script someone else posted, in my opinion.
If at first you don't succeed, bomb disposal probably isn't for you! ヅ

ObiWan
Senior user
Posts: 278
Joined: 2010-07-21 14:30
Location: Halfway between Germany and Egypt

Re: Filtering (or scoring) messages by IP country

Post by ObiWan » 2010-07-22 12:35

Thanks, I saw the script you're referring to and I think that
the DNS lookup approach I'm suggesting is the most straightforward,
not to mention that GeoIP isn't all that accurate and that, using
it, you'll need to keep your local IP/country database up to
date or you'll risk incorrectly "mapping" IPs.

On the other hand, in case you want to (e.g.) block or
score "all" the countries except some, you will still need
a script; in such a case the script should run DNS queries
against the generic "zz.countries.nerd.dk" zone and
then compare the result against this table or (better,
IMHO) run a DNS "TXT" query which, instead of a "code",
will return the country TLD string, which won't need any
further lookup :)

An example: let's say we have the IP 41.196.221.175; we
reverse it, add the suffix and run a vanilla "A" query against

175.221.196.41.zz.countries.nerd.dk.

The query will return 127.0.3.50 which, if compared to the
table seen above, will tell us that the TLD is "eg" (Egypt).
On the other hand, we may just run a "TXT" query and in
such a case the result will be "eg".

HTH
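
The "score all countries except some" lookup described in the last post, as an added Python example that is not part of the thread or of hMailServer. It assumes the last two octets of the "A" answer carry the ISO 3166-1 numeric country code (consistent with 127.0.3.50 = 3*256+50 = 818 = "eg" above); the function names and the small code table are hypothetical, and the resolver is injectable so the logic can be checked without network access.

```python
import ipaddress
import socket

ZONE = "zz.countries.nerd.dk"  # generic zone named in the post

# Constructed subset of ISO 3166-1 numeric codes -> TLD; a real script needs the full table.
NUMERIC_TO_TLD = {818: "eg", 410: "kr", 156: "cn", 356: "in", 276: "de"}


def query_name(ip, zone=ZONE):
    """Reverse the IPv4 octets and append the zone, as in the post's example."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")  # ValueError on malformed input
    return ".".join(reversed(octets)) + "." + zone + "."


def decode_answer(a_record):
    """Turn an answer such as 127.0.3.50 into a numeric country code (818)."""
    parts = [int(p) for p in a_record.split(".")]
    if len(parts) != 4 or parts[0] != 127 or parts[1] != 0:
        # e.g. a resolver that rewrites NXDOMAIN to a landing-page address
        raise ValueError("unexpected answer: " + a_record)
    return parts[2] * 256 + parts[3]


def country_of(ip, resolve=socket.gethostbyname):
    """Return the TLD for ip, or None if the lookup fails or the code is unknown."""
    name = query_name(ip)
    try:
        return NUMERIC_TO_TLD.get(decode_answer(resolve(name)))
    except (OSError, ValueError):  # NXDOMAIN, timeout, or a bogus answer
        return None


def extra_score(ip, allowed, penalty, resolve=socket.gethostbyname):
    """Score every country except the allowed ones; an unknown origin adds nothing."""
    tld = country_of(ip, resolve)
    if tld is None or tld in allowed:
        return 0  # fail open so a DNS outage does not penalise all mail
    return penalty
```
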
