Weblog entry #149 for simonw
See all weblog entries made by simonw.
#149
Postfix blocking IP ranges -- the nuclear option
Posted by simonw on Wed 28 Feb 2007 at 20:00
A sad day, I looked at the list of IP addresses I needed to add to Postfix, and decided that it needed just too many class C addresses. I vaguely recalled that Postfix supports blocks with variable length subnet masks.
http://www.postfix.org/cidr_table.5.html
So now our block list is a lot more concise. The CIDR tables are also easier to maintain, so another switch (from access to cidr format) I should have done sooner.
Spammers who prompted the switch to CIDR blocks:
66.36.224.0/19 REJECT superb.net transit from hopone
64.187.96.0/20 REJECT acceleratebiz Inc transit from cogentco.com
204.10.104.0/21 REJECT acceleratebiz Inc transit from cogentco.com
The first of these seems to be unreachable now from blueyonder, which is progress of a sort.
http://www.postfix.org/cidr_table.5.html
So now our block list is a lot more concise. The CIDR tables are also easier to maintain, so another switch (from access to cidr format) I should have done sooner.
Spammers who prompted the switch to CIDR blocks:
66.36.224.0/19 REJECT superb.net transit from hopone
64.187.96.0/20 REJECT acceleratebiz Inc transit from cogentco.com
204.10.104.0/21 REJECT acceleratebiz Inc transit from cogentco.com
The first of these seems to be unreachable now from blueyonder, which is progress of a sort.