Jump to content

Blocked countries lists


Recommended Posts

How up to date are the ip lists used? We block China but still get email from there, this ip 114.101.17.197 sent 12 emails last night and it traces back to China.

 

 

Eset.JPG

Link to comment
Share on other sites

1 hour ago, HenrysCat said:

We block China but still get email from there, this ip 114.101.17.197

CHINANET Anhui PROVINCE NETWORK China Telecom No.31,jingrong street Beijing 100032

It's a backbone server, CHINANET-BACKBONE No.31,Jin-rong Street. As such, it wouldn't be the origin of the e-mail but just an intermediary delivering it. 

Link to comment
Share on other sites

  • ESET Staff

Hi,

Our GeoIP DB correctly identifies this IP as Chinese.

But only the sender's address (last hop) is verified against Blocked countries list, not all intermediate servers from Received headers.

Link to comment
Share on other sites

5 hours ago, M.K. said:

But only the sender's address (last hop) is verified against Blocked countries list, not all intermediate servers from Received headers.

The from address was contact@candidconcepts.com which traces to a UK ip, I have reported to the abuse address, is there anything else I can do?

Link to comment
Share on other sites

  • ESET Staff

Hi,

I meant sender's IP address in this context - this is usually the topmost Received header.

M.K.

Link to comment
Share on other sites

As far as candidconcepts.com goes, the IP addresses associated with it are 88.208.222.179 and 88.208.222.180.

As far as domain name blocking goes, have you tried *.candidconcepts.com/* and *.candidconcepts.net/*? I assume Eset mail server supports that wildcard notation.

1 hour ago, HenrysCat said:

Oh ok, so the senders ip was 114.101.17.197  yet the messages get through?

Block that IP address then. Doing so might end up blocking a lot of legit e-mail though. It appears a lot of Internet traffic routes through those relay backbone servers.

Edited by itman
Link to comment
Share on other sites

  • 2 weeks later...
Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...