If you are strictly looking to block by IP addresses this is a far better task left to the firewall, and configured by networks not individual IP addresses.
There are many ranges which should not be sending email directly (IE those allocated by providers to home users). Unfortunately finding all of them and keeping the list valid is a full time job. I believe this is the point behind RBLs, but they can be a bit slow picking up on directed phishing attacks. In those cases I look up the IP address at ARIN or RIPE find the segment, and if it's anything other than an a real ISP I block the network from my mail server. A kernel firewall is magnitude faster than a SA and can be your first line of defense, the same way I use RBLs at the MTA before the mail even gets to SA. I also agree, there is plenty of blame to go around for all countries. This is not a region specific issue (tho some tend to be more nefarious than others). > On Sep 20, 2016, at 6:43 AM, Byung-Hee HWANG (황병희, 黃炳熙) <soyeo...@doraji.xyz> > wrote: > > Dear Thomas, > > Thomas Barth <tba...@txbweb.de> 께서 쓰시길, > 《記事 全文 <5eddfcdb-957c-e7c0-b133-a40c7ab37...@txbweb.de> 에서》: > >> Hello, >> >> is it possible to use geoiplookup with Spamassassin? I want to reject >> all mails as spam not send in my country or another second country, >> but accept whitelisted mailing list addresses. Any chance to use >> geoiplookup for this? I want to exclude Spammer Countries e.g. China, >> Thaiwan, India, etc... > > There are many people to contribute for FOSS projects all around the > world. You would be reconsideration about blocking by countries. > > Sincerely, > > -- > ^고맙습니다 _地平天成_ 감사합니다_^))//
