The full story: I first created (what is now called) the "ip-in-rdns-keyword-blacklist-file" filter because I wanted to block connections from virus-infected Windows machines on home broadband connections. I wrote the code to search for the IP address and a list of keywords like "dynamic" or "dhcp" or "dialup". I didn't want to block _all_ connections based on _only_ finding their IP address because many legitimate businesses host their own mail servers and have generic rDNS names that contain their IP addresses.
However, blocking based on IP address and keyword didn't work for foreign language rDNS names, because I can't possibly list every keyword in every language on the planet. Because I don't often receive email from people outside the United States, I decided that filtering based on IP address and two-character TLD would be acceptable. I created the "reject-ip-in-cc-rdns" filter for this purpose.

This decision worked for me based on my own email patterns and those of my users. It obviously doesn't work for everyone, especially on mail servers outside the U.S. To accommodate this, I expanded the "ip-in-rdns-keyword-blacklist-file" filter to accept domain names instead of just keywords. If you really want to block connections from ".net" or ".com" simply because the rDNS name contains the IP address, you can list those domains in your keyword file like this:
    .net
    .com

You can use the same technique to selectively simulate the "reject-ip-in-cc-rdns" filter for only a few two-character TLDs. To block all connections from ".us" or ".uk" that contain an IP address while allowing connections from ".de" or ".pl" that contain an IP address, add these entries to your keyword file:
    .us
    .uk

To answer your second question about the order the filters are run, they are already coded to run in order from least-expensive to most-expensive. rDNS filters run before file-based filters, which run before DNS-based filters. The order of execution is not configurable and I don't intend to change that fact (it would be a monumental task, not to mention very difficult to configure). The current order is documented here:
    http://www.spamdyke.org/documentation/FAQ.html#FEATURE1

Lastly, because this discussion is about current features, could we move it to the spamdyke-users mailing list? The spamdyke-dev list is really for discussions of beta versions of spamdyke.

-- 
Sam Clippinger

Felix Bünemann wrote:
> On 20.09.2008 at 02:23, Felix Bünemann wrote:
>
>> OK, what doesn't make sense to me is as to why to differentiate
>> between .com/.net etc. and .de/.uk? If a dialup host sends spam it
>> shouldn't matter if his RDNS is .com or .de ...
>> I think most spam should be blocked by simple rules without requiring
>> RBL lookups and the latency required to do so.
>
> Which leads me to the conclusion, that it should be possible to define
> the order in that the different filters are executed.
>
> Can you specify what's the current order of filter execution?
>
> -- Felix
> _______________________________________________
> spamdyke-dev mailing list
> spamdyke-dev@spamdyke.org
> http://www.spamdyke.org/mailman/listinfo/spamdyke-dev
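
An added illustration, not part of the original message and not spamdyke's own code: a simplified Python sketch of the decision described above for "ip-in-rdns-keyword-blacklist-file", where a connection is rejected only when the rDNS name contains both the IP address and an entry from the keyword file. The IP-matching pattern, the treatment of entries starting with a dot as name suffixes, the function names and the sample hosts are all assumptions made for this example.

```python
import re

def ip_in_rdns(ip, rdns):
    """True if all four octets appear in the name, forward or reversed.
    Assumed simplification: octets separated by '.' or '-', optionally zero-padded."""
    octets = ip.split(".")
    for order in (octets, octets[::-1]):
        body = "[.-]".join("0{0,2}" + re.escape(o) for o in order)
        if re.search(r"(?<!\d)" + body + r"(?!\d)", rdns):
            return True
    return False

def load_keywords(text):
    """One entry per line; blank lines are skipped."""
    return [line.strip().lower() for line in text.splitlines() if line.strip()]

def keyword_match(rdns, keywords):
    """Entries starting with '.' are treated as domain suffixes (assumption);
    everything else is a plain substring keyword."""
    name = rdns.lower().rstrip(".")
    for kw in keywords:
        if (name.endswith(kw) if kw.startswith(".") else kw in name):
            return kw
    return None

def check(ip, rdns, keywords):
    """Reject only when BOTH conditions hold: IP in rDNS and a keyword/domain hit."""
    if not ip_in_rdns(ip, rdns):
        return ("allow", None)
    kw = keyword_match(rdns, keywords)
    return ("reject", kw) if kw else ("allow", None)

# Constructed keyword file: three keywords plus two ccTLDs, as in the message.
KEYWORDS = load_keywords("dynamic\ndhcp\ndialup\n\n.us\n.uk\n")

# Constructed sample connections (documentation IP ranges, example domains).
SAMPLES = [
    ("192.0.2.45", "dhcp-192-0-2-45.example.com"),     # IP + keyword
    ("198.51.100.7", "mail-198-51-100-7.example.com"), # IP only: self-hosted mail server
    ("203.0.113.9", "9.113.0.203.pool.example.uk"),    # reversed IP + listed ccTLD
    ("203.0.113.10", "host-203-0-113-10.example.de"),  # IP + unlisted ccTLD
    ("192.0.2.80", "dynamic.example.uk"),              # keyword but no IP
]

if __name__ == "__main__":
    for ip, rdns in SAMPLES:
        print(ip, rdns, check(ip, rdns, KEYWORDS))
```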