Yep. You can enter host addresses or ranges of host addresses as lines in the blacklist section under the SMTP area. If I get a problem with one IP address I typically blacklist everything in the class C address range that covers it. For example if I detect address harvesting or spam from 12.34.56.78 then I will enter the following line into the blacklist area:
12.34.56.0-12.34.56.255 ; 12.34.56.78 8Jan04 - Addr Harvest
The stuff after the semicolon is a comment to remind me why I entered the line.
I'm doing something similar, although I haven't automated it yet. Also, rather than automatically listing the surrounding /24 range, I check arin (and subsequently apnic or ripe, usually :-) and block the surrounding net block. Sometimes it's a smaller range, sometimes it's a /17! I'll also usually check reverse DNS in several IPs within the range, starting with the lowest & the highest, to get a feel for the block. If it appears to be a DSL or dial up range, for example, I'll immediately block the full range, rather than a subset.
Also, I'm using many of the standard blacklist servers discussed on this list. I started small, but kept adding more as spam slipped through. At this point, the only major one I'm not using is spamcop & it's getting awfully tempting to start using it, despite the warnings I recall from this list. Can I get some current opinions on this list?
HTH & Thanks, Tim
############################################################# This message is sent to you because you are subscribed to the mailing list <[EMAIL PROTECTED]>. To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]>
