If you are strictly looking to block by IP addresses this is a far better task
left to the firewall, and configured by networks not individual IP addresses.
There are many ranges which should not be sending email directly (IE those
allocated by providers to home users). Unfortunately finding all of them and
keeping the list valid is a full time job.
I believe this is the point behind RBLs, but they can be a bit slow picking up
on directed phishing attacks.
In those cases I look up the IP address at ARIN or RIPE find the segment, and
if it's anything other than an a real ISP I block the network from my mail
server. A kernel firewall is magnitude faster than a SA and can be your first
line of defense, the same way I use RBLs at the MTA before the mail even gets
I also agree, there is plenty of blame to go around for all countries. This is
not a region specific issue (tho some tend to be more nefarious than others).
> On Sep 20, 2016, at 6:43 AM, Byung-Hee HWANG (황병희, 黃炳熙) <soyeo...@doraji.xyz>
> Dear Thomas,
> Thomas Barth <tba...@txbweb.de> 께서 쓰시길,
> 《記事 全文 <5eddfcdb-957c-e7c0-b133-a40c7ab37...@txbweb.de> 에서》:
>> is it possible to use geoiplookup with Spamassassin? I want to reject
>> all mails as spam not send in my country or another second country,
>> but accept whitelisted mailing list addresses. Any chance to use
>> geoiplookup for this? I want to exclude Spammer Countries e.g. China,
>> Thaiwan, India, etc...
> There are many people to contribute for FOSS projects all around the
> world. You would be reconsideration about blocking by countries.
> ^고맙습니다 _地平天成_ 감사합니다_^))//