On Wed, 7 Jun 2006, Screaming Eagle wrote:

> Is BL_COUNTRY_TW_1 for all countries? "Mail client in Taiwan" is an arg value?
> If so, then this syntax would be o.k:
> describe BL_COUNTRY_TW_1 Mail client in Korea?

Sorry, I assumed you were familiar with the syntax of rules in SA.

> On 6/7/06, John D. Hardin <[EMAIL PROTECTED]> wrote:
> >
> > On Wed, 7 Jun 2006, Screaming Eagle wrote:
> >
> > > country, other than USA?  How would you look up the network block
> > > on countries such as Romania, China, Taiwan, Thailand, Korea, and so
> > > on...
> >
> > describe BL_COUNTRY_TW_1 Mail client in Taiwan

BL_COUNTRY_TW_1 is a unique label for this rule. For other country
rules, you'd change the "TW" part as appropriate. I recommend sticking
to the ISO two-letter country codes. If you had more than one rule for
a country you'd increment the "1" as appropriate. For example:

  describe BL_COUNTRY_KR_1 Mail client in Korea

> > header   BL_COUNTRY_TW_1 eval:check_rbl('taiwan', 'tw.countries.nerd.dk')

This says the check is an RBL test. You need to alter the label and
substitute arguments as appropriate. The appropriate substitutions
should be fairly obvious:

  header   BL_COUNTRY_KR_1 eval:check_rbl('korea', 'kr.countries.nerd.dk')

> > score    BL_COUNTRY_TW_1 0.5
> > tflags   BL_COUNTRY_TW_1 net

These set the score for a match (higher is more spammy) and flag the
test as a network test. If you really wanted to punish someone in
Korea contacting your mail server, you would set a high score:

  score    BL_COUNTRY_KR_1 5.0
  tflags   BL_COUNTRY_KR_1 net


You would end up with a block of rules that might look something like
this:


describe BL_COUNTRY_TH_1 Mail client in Thailand
header   BL_COUNTRY_TH_1 eval:check_rbl('thailand', 'th.countries.nerd.dk')
score    BL_COUNTRY_TH_1 0.5
tflags   BL_COUNTRY_TH_1 net

describe BL_COUNTRY_JP_1 Mail client in Japan
header   BL_COUNTRY_JP_1 eval:check_rbl('japan', 'jp.countries.nerd.dk')
score    BL_COUNTRY_JP_1 0.5
tflags   BL_COUNTRY_JP_1 net

describe BL_COUNTRY_CN_1 Mail client in China
header   BL_COUNTRY_CN_1 eval:check_rbl('china', 'cn.countries.nerd.dk')
score    BL_COUNTRY_CN_1 0.5
tflags   BL_COUNTRY_CN_1 net

describe BL_COUNTRY_TW_1 Mail client in Taiwan
header   BL_COUNTRY_TW_1 eval:check_rbl('taiwan', 'tw.countries.nerd.dk')
score    BL_COUNTRY_TW_1 0.5
tflags   BL_COUNTRY_TW_1 net

describe BL_COUNTRY_KR_1 Mail client in Korea
header   BL_COUNTRY_KR_1 eval:check_rbl('korea', 'kr.countries.nerd.dk')
score    BL_COUNTRY_KR_1 0.5
tflags   BL_COUNTRY_KR_1 net

describe BL_COUNTRY_MX_1 Mail client in Mexico
header   BL_COUNTRY_MX_1 eval:check_rbl('mexico', 'mexico.blackholes.us')
score    BL_COUNTRY_MX_1 0.5
tflags   BL_COUNTRY_MX_1 net

describe BL_COUNTRY_MX_2 Mail client in Mexico
header   BL_COUNTRY_MX_2 eval:check_rbl('mexico', 'mx.countries.nerd.dk')
score    BL_COUNTRY_MX_2 0.5
tflags   BL_COUNTRY_MX_2 net


Note the two Mexico rules. It is possible for nerd.dk and
blackholes.us to list different netblocks due to the way they obtain
the IP -> Country mappings. One or the other may be "more fresh".

Hope this helps!

--
 John Hardin KA7OHZ    ICQ#15735746    http://www.impsec.org/~jhardin/
 [EMAIL PROTECTED]    FALaholic #11174    pgpk -a [EMAIL PROTECTED]
 key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
 Look at the people at the top of both efforts. Linus Torvalds is a
 university graduate with a CS degree. Bill Gates is a university
 dropout who bragged about dumpster-diving and using other people's
 garbage code as the basis for his code. Maybe that has something to
 do with the difference in quality/security between Linux and
 Windows.                          -- anytwofiveelevenis on Y! SCOX
----------------------------------------------------------------------
 11 days until SWMBO's Birthday
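
An added example, not part of the original message: a small generator for rule blocks in the form shown above, numbering a country's rules _1, _2 when it has more than one zone, plus the DNS name a DNSBL lookup uses for an IPv4 address (octets reversed, zone appended). The function names, the sample table and the sample IP are assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample input: (ISO code, country name, DNSBL zone).
# The zones are the ones quoted in the thread.
COUNTRY_ZONES = [
    ("KR", "Korea", "kr.countries.nerd.dk"),
    ("MX", "Mexico", "mexico.blackholes.us"),
    ("MX", "Mexico", "mx.countries.nerd.dk"),
]

def build_rules(entries, score=0.5):
    """Return SpamAssassin rule text, one four-line block per (country, zone)."""
    seen = defaultdict(int)  # per-country counter, gives the trailing _1, _2, ...
    blocks = []
    for cc, name, zone in entries:
        if not re.fullmatch(r"[A-Z]{2}", cc):
            raise ValueError(f"not an ISO two-letter code: {cc!r}")
        # Keep quotes and other odd characters out of the generated rule text.
        if not re.fullmatch(r"[A-Za-z ]+", name):
            raise ValueError(f"unexpected country name: {name!r}")
        if not re.fullmatch(r"[a-z0-9.-]+", zone):
            raise ValueError(f"unexpected zone: {zone!r}")
        seen[cc] += 1
        label = f"BL_COUNTRY_{cc}_{seen[cc]}"
        rbl_set = name.lower().replace(" ", "")
        blocks.append("\n".join([
            f"describe {label} Mail client in {name}",
            f"header   {label} eval:check_rbl('{rbl_set}', '{zone}')",
            f"score    {label} {score}",
            f"tflags   {label} net",
        ]))
    return "\n\n".join(blocks) + "\n"

def dnsbl_query_name(ip, zone):
    """DNS name looked up for an IPv4 address: octets reversed, zone appended."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone

if __name__ == "__main__":
    print(build_rules(COUNTRY_ZONES))
    # 192.0.2.10 is a documentation address (RFC 5737), a constructed sample.
    print(dnsbl_query_name("192.0.2.10", "kr.countries.nerd.dk"))
```

Resolving the printed name by hand (for example with dig or host) is a quick way to see whether a zone still answers before giving its rule a score.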
