Blocking Zombie Spam Netblocks
Server Training - Mail Server


There are network subnets that have been hijacked by spammers or are run entirely by their bots. Spamhaus records and documents these netblocks, which gives you a quick way to extend your firewall to drop traffic from known spam sources. You will need an iptables firewall; add the section below to it, and it will read the subnets from a list file and drop them at the packet filter, taking the load off your Postfix mail server before an SMTP connection is ever accepted.

The DROP list is maintained by Spamhaus and is found here:

http://www.spamhaus.org/DROP/

Here is a quote from the site:

“DROP (Don’t Route Or Peer) is an advisory “drop all traffic” list, consisting of stolen ‘zombie’ netblocks and netblocks controlled entirely by professional spammers. DROP is a tiny sub-set of the SBL designed for use by firewalls and routing equipment.

DROP is currently available as a simple text list, but will also be available shortly as BGP with routes of listed IPs announced via an AS# allowing networks to then null those routes as being IPs that they do not wish to route traffic for.

The DROP list will NEVER include any IP space “owned” by any legitimate network and reassigned - even if reassigned to the “spammers from hell”. It will ONLY include IP space totally controlled by spammers or 100% spam hosting operations. These are “direct allocations” from ARIN, RIPE, APNIC, LACNIC, and others to known spammers, and the troubling run of “hijacked zombie” IP blocks that have been snatched away from their original owners (which in most cases are long dead corporations) and are now controlled by spammers or netblock thieves who resell the space to spammers.”

To implement this, add the following section close to the top of your firewall script and create a text file in /etc/rc.d called banned. Put one subnet per line, as in the sample below; lines beginning with # are treated as comments. Use this information at your own risk: the subnets change over time, so the copy of the list reproduced here is only a snapshot. Download the current DROP list from the URL above and regenerate the banned file regularly rather than relying on this copy.

#####################################################
# BLOCK ZOMBIE NETBLOCKS                            #
#####################################################
# One CIDR per line in $BADIP; lines starting with "#" are comments.
BADIP="/etc/rc.d/banned"
BANNED=$( grep -v -E "^#" "$BADIP" )
for ip in $BANNED
do
    # INPUT protects services on this host (Postfix); FORWARD only
    # matters if the box also routes. Drop every protocol, not just
    # TCP, since DROP is a "drop all traffic" list.
    iptables -A INPUT   -s "$ip" -j DROP
    iptables -A FORWARD -s "$ip" -j DROP
done

# This is what the banned file needs to look like.
116.199.128.0/19
116.50.8.0/21
128.199.0.0/16
129.47.0.0/16
132.232.0.0/16
132.240.0.0/16
134.175.0.0/16
134.33.0.0/16
138.252.0.0/16
138.43.0.0/16
139.167.0.0/16
141.193.0.0/16
143.49.0.0/16
147.203.0.0/16
148.51.0.0/16
148.7.0.0/16
149.47.0.0/16
152.147.0.0/16
167.97.0.0/16
170.26.0.0/16
170.67.0.0/16
192.115.68.0/22
192.160.44.0/24
192.43.153.0/24
192.43.154.0/23
192.43.156.0/22
192.43.160.0/24
192.67.16.0/24
192.86.85.0/24
193.110.136.0/24
193.142.244.0/24
193.16.100.0/24
193.19.120.0/23
193.200.29.0/24
193.200.50.0/23
193.238.36.0/22
193.93.236.0/22
194.1.152.0/24
194.110.160.0/22
194.116.146.0/23
194.126.193.0/24
194.145.235.0/24
194.146.204.0/22
194.189.44.0/22
195.114.8.0/23
195.225.176.0/22
195.234.159.0/24
195.238.242.0/24
195.74.88.0/23
195.95.161.0/24
196.32.216.0/21
198.151.152.0/22
198.186.16.0/20
198.186.25.0/24
198.204.0.0/21
199.120.163.0/24
199.166.200.0/22
199.245.138.0/24
199.60.102.0/24
200.108.160.0/20
200.124.64.0/20
201.158.96.0/21
201.71.0.0/20
203.19.101.0/24
203.202.236.0/22
203.31.88.0/23
203.33.120.0/24
203.34.205.0/24
203.34.70.0/23
203.34.71.0/24
204.13.32.0/21
204.14.24.0/21
204.153.248.0/21
204.18.0.0/16
204.236.0.0/19
204.52.255.0/24
204.79.220.0/22
204.89.224.0/24
205.210.137.0/24
205.235.64.0/20
205.236.189.0/24
206.197.175.0/24
206.197.176.0/24
206.197.177.0/24
206.197.28.0/24
206.197.29.0/24
208.38.192.0/18
208.64.44.0/22
208.66.192.0/22
208.72.168.0/21
208.76.160.0/21
208.76.48.0/21
208.77.224.0/21
208.81.136.0/21
208.82.136.0/21
208.84.28.0/22
208.87.152.0/21
208.93.152.0/22
209.145.192.0/18
209.165.224.0/20
209.205.192.0/19
209.205.224.0/20
209.213.48.0/20
216.188.128.0/19
216.243.240.0/20
216.255.176.0/20
216.37.96.0/20
58.65.232.0/21
58.83.12.0/22
58.83.8.0/22
62.176.16.0/22
64.255.128.0/19
64.28.176.0/20
66.206.32.0/22
66.231.64.0/20
66.54.91.0/24
66.55.160.0/19
67.210.0.0/20
67.213.128.0/20
69.42.160.0/20
69.50.160.0/19
69.8.176.0/20
69.80.0.0/17
72.2.176.0/20
78.108.176.0/20
78.157.128.0/19
79.110.160.0/20
79.135.160.0/19
81.29.240.0/20
81.95.144.0/20
85.255.112.0/20
86.105.230.0/24
89.35.0.0/23
91.196.232.0/22
91.200.144.0/22
91.203.92.0/22
91.208.0.0/24
91.208.162.0/24
91.208.228.0/24
91.209.14.0/24
92.53.104.0/22
93.188.160.0/21
94.154.0.0/18
94.154.128.0/18
94.176.96.0/20
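
The section above appends one rule per line of a hand-maintained banned file. As an added example (not code from the original page or from Spamhaus), the script below instead consumes the text format Spamhaus publishes directly, where ";" begins a comment and each entry is "CIDR ; SBL reference". It validates every CIDR, drops duplicates and malformed lines, and loads the rules into a dedicated chain hooked from INPUT and FORWARD so the list can be reloaded without leaving stale or duplicated rules behind. The chain name SPAMHAUS_DROP and the sample list are assumptions constructed for this example; with DRY_RUN=1 (the default) it prints the iptables commands instead of running them, so it can be checked without root.

```shell
#!/bin/sh
# Added example (not from the original page): load a Spamhaus DROP-format
# list into its own iptables chain. The sample list below is constructed
# for this example; the live file is https://www.spamhaus.org/drop/drop.txt.
# DRY_RUN=1 (the default here) prints the iptables commands instead of
# running them, so the script can be checked without root.

DRY_RUN="${DRY_RUN:-1}"
CHAIN="SPAMHAUS_DROP"   # assumed chain name, not from the original page

# Constructed sample in the DROP text format: ';' begins a comment, each
# entry is "CIDR ; SBL reference". It includes a malformed line and a
# duplicate to show that the parser rejects both.
SAMPLE_DROP='; Spamhaus DROP List (constructed sample, not real data)
; Last-Modified: example
192.0.2.0/24 ; SBL000001
198.51.100.0/22 ; SBL000002
not-an-address ; SBL000003
203.0.113.0/24 ; SBL000004
203.0.113.0/24 ; SBL000004'

# Emit only valid, unique IPv4 CIDRs, one per line: strip comments and
# whitespace, require a.b.c.d/0-32 with every octet <= 255, drop repeats.
parse_drop() {
    printf '%s\n' "$1" \
    | sed 's/;.*$//; s/[[:space:]]//g' \
    | grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$' \
    | awk -F'[./]' '$1<=255 && $2<=255 && $3<=255 && $4<=255 && !seen[$0]++'
}

# Run iptables, or print the command in dry-run mode.
ipt() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

# Rebuild the chain from a DROP-format list held in $1. Flushing first
# makes reloads idempotent; inserting the hook at position 1 of INPUT and
# FORWARD puts the drops ahead of any accept rules, so inbound SMTP to
# Postfix on this host is refused at the packet filter.
load_drop_chain() {
    ipt -N "$CHAIN" 2>/dev/null || true
    ipt -F "$CHAIN"
    parse_drop "$1" | while read -r cidr; do
        # DROP is a "drop all traffic" list, so no -p restriction.
        ipt -A "$CHAIN" -s "$cidr" -j DROP
    done
    for parent in INPUT FORWARD; do
        ipt -D "$parent" -j "$CHAIN" 2>/dev/null || true
        ipt -I "$parent" 1 -j "$CHAIN"
    done
}

load_drop_chain "$SAMPLE_DROP"
```

To use it against the real list, replace SAMPLE_DROP with the downloaded file contents (for example `load_drop_chain "$(cat /etc/rc.d/drop.txt)"`) and run with DRY_RUN=0 as root from the firewall script or a cron job. With several hundred netblocks, one rule per CIDR still works but every packet walks the whole chain; an ipset of type hash:net referenced by a single `-m set --match-set` rule gives constant-time lookups and is the better fit once the list grows.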