My Hot Spots

One can argue where Spam originates, and what countries produce the lion’s share of it, but the argument ends with just about everyone agreeing Spam is annoying.
A popular school of thought seems to indicate China, Korea, Thailand, Viet Nam, Brazil produce the highest levels of Spam. Don’t discount the U.S either.

If you never expect to communicate with anyone in these countries, you can actually reduce the CPU cycles on your mailer by firewalling these countries by IP address.

Of course, this system works best if there is a separate firewall device in front of your mailer, but will also work if you have a local firewall on the mail server.

IPTables appears to be the most popular firewall system these days, and the example I will give uses that system.

This is not a tutorial on IPTables, there are plenty of those, just do a search for them.

As you should know, a firewall system can block a single IP address, Range of IPs or an entire CIDR block of IPs. So first thing is to obtain the IP(s) you want to block. If you don’t have a list of country IPs, you can find some Here. These IPs are neatly arranged by country in their own files. You should use the lists with CIDR blocks.

So once you have your list(s) of IPs you will find they are arranged with a single CIDR block on each line. This makes it easy to read into a program which will produce your IPTables rules.

A typical rule for a local firewall (on the same machine as the mailer) would look like this:
single ip
-A INPUT -s 1.2.3.4/32 -p tcp -m tcp –dport 25 -j DROP
CIDR Range
-A INPUT -s 1.2.3.0/24 -p tcp -m tcp –dport 25 -j DROP

The first statement would block a single IP address from getting to port 25 on the local machine. The second would block 255 addresses from port 25.

If you have a separate firewall device, you would want to use the FORWARD rule instead of the INPUT rule and include the destination address of the mailer like this:
-A FORWARD -s 1.2.3.4/32 -d 0.0.0.0/32 -p tcp -m tcp –dport 25 -j DROP

The file for China, obtained from the source mentioned above, would be in the following format:

# China IP blocks:
# List of ip blocks allocated and assigned directly by RIRs to ISPs
# and other large companies in the country of China
# This file is based on data collected on Fri Sep 29 14:28:14 PDT 2006
58.14.0.0/15
58.16.0.0/13
58.24.0.0/15
58.30.0.0/15
…

You could create the rules by hand (if you only want to block a few) or you will need a small script to read in the entire file, which could be quite large.

Here is a sample (written in PHP that would aid in your pursuit).

$cr="\\n"; //backslash n
$filedir=;
$filename=;
$infile=$filedir.$filename;
$output="";
// open the file and give it a file handle
$foreignhandle = @fopen ($infile,r);
// you have the file handle
if ($foreignhandle) {
// loop through each line of the file
// reading each line not using a line begining with a #
while (!feof($foreignhandle)) {
$buffer = fgets($foreignhandle, 4096);
$buffer = trim($buffer);
if(!stristr($buffer,"#")){
// if the line is not blank do something
if($buffer != ""){
$output.="/sbin/iptables -A INPUT -s $buffer ";
$output.=" -p TCP -m tcp --dport 25  -j DROP $cr";
}
}
}
// close the CIDR File
fclose($foreignhandle);

// now open the IPTables file and write your rules
$filename="/etc/sysconfig/iptables";
if ($handle = fopen($filename, 'w')) {
// Write $somecontent to our opened file.
if (fwrite($handle, $output) === FALSE) {
echo "Cannot write to file ($filename)";
exit;
}
}

That’s it.

You may want to modify this to be more specific to your needs, but this should get you started.

Best Regards