On Feb 20, 2007, at 11:46 AM, Edward Milstein wrote: > Do you mind sharing how you implemented the drop list as a > access.db filter?? How did you represent the various network blocks?? Here's how I do it. This used to be in the completewhois.com tools section, but I can't find it anymore. Requires Sendmail's cidrexpand. Apologies for the FreeBSD references.... #!/usr/bin/perl # # This script is used to convert list of ip blocks in cidr format into # script that can be run to setup linux firewall to filter those blocks # Script is written by William Leibzon for Completewhois Bogons Project: # http://www.completewhois.com/bogons/ # # $1 - should be list of ip blocks in cidr format # # Hacked up to format the drop list for feeding to sendmail's cidrexpand # script to provide a list of net ranges to feed to sendmail's access table. # The cidrexpand script is available in the contrib directory of your # sendmail distribution. (/usr/src/contrib/sendmail/contrib/cidrexpand # on FreeBSD.) # # Thanks to William Leibzon for the original script and Eric Kagan and # Steve Glines for the inspiration. # --Chris Boyd cboyd (at) gizmopartners 1-2-05 # # Recommended usage: # droptosend <droplist> | cidrexpand | sort | uniq # (cidrexpand has some odd bugs that cause it to make duplicate lines) $cidr_filename=@ARGV[0]; if ($cidr_filename eq "") { print "Usage: droptosend cidr_list_file\n"; exit; } open ($cidr_fh, $cidr_filename) or die "can't open file $cidr_filename: $!"; while (<$cidr_fh>) { $line=$_; ($ip1,$ip2,$ip3,$ip4,$mask) = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\. (\d{1,3})\/(\d{1,2})/; if ($ip1 ne "" && $ip2 ne "" && $ip3 ne "" && $ip4 ne "" && $mask ne "") { print "$ip1.$ip2.$ip3.$ip4/$mask ERROR:5.7.1:550 see http://www.spamhaus.org/drop/\n"; } }