Jump to content

Blocked countries lists

HenrysCat
 Share

Recommended Posts

HenrysCat

HenrysCat 0

Posted
Posted

How up to date are the ip lists used? We block China but still get email from there, this ip 114.101.17.197 sent 12 emails last night and it traces back to China.

 

 

Eset.JPG

Link to comment
Share on other sites
itman

itman 1,659

Posted
Posted
1 hour ago, HenrysCat said:

We block China but still get email from there, this ip 114.101.17.197

CHINANET Anhui PROVINCE NETWORK China Telecom No.31,jingrong street Beijing 100032

It's a backbone server, CHINANET-BACKBONE No.31,Jin-rong Street. As such, it wouldn't be the origin of the e-mail but just an intermediary delivering it. 

Link to comment
Share on other sites
  • ESET Staff
M.K.

M.K. 17

Posted
  • ESET Staff
Posted

Hi,

Our GeoIP DB correctly identifies this IP as Chinese.

But only the sender's address (last hop) is verified against Blocked countries list, not all intermediate servers from Received headers.

Link to comment
Share on other sites
HenrysCat

HenrysCat 0

Posted
  • Author
Posted
5 hours ago, M.K. said:

But only the sender's address (last hop) is verified against Blocked countries list, not all intermediate servers from Received headers.

The from address was contact@candidconcepts.com which traces to a UK ip, I have reported to the abuse address, is there anything else I can do?

Link to comment
Share on other sites
  • ESET Staff
M.K.

M.K. 17

Posted
  • ESET Staff
Posted

Hi,

I meant sender's IP address in this context - this is usually the topmost Received header.

M.K.

Link to comment
Share on other sites
itman

itman 1,659

Posted
Posted (edited)

As far as candidconcepts.com goes, the IP addresses associated with it are 88.208.222.179 and 88.208.222.180.

As far as domain name blocking goes, have you tried *.candidconcepts.com/* and *.candidconcepts.net/*? I assume Eset mail server supports that wildcard notation.

1 hour ago, HenrysCat said:

Oh ok, so the senders ip was 114.101.17.197  yet the messages get through?

Block that IP address then. Doing so might end up blocking a lot of legit e-mail though. It appears a lot of Internet traffic routes through those relay backbone servers.

Edited by itman
Link to comment
Share on other sites
  • 2 weeks later...
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...