The full story: I first created (what is now called) the 
"ip-in-rdns-keyword-blacklist-file" filter because I wanted to block 
connections from virus-infected Windows machines on home broadband 
connections.  I wrote the code to search for the IP address and a list 
of keywords like "dynamic" or "dhcp" or "dialup".  I didn't want to 
block _all_ connections based on _only_ finding their IP address because 
many legitimate businesses host their own mail servers and have generic 
rDNS names that contain their IP addresses.

However, blocking based on IP address and keyword didn't work for 
foreign language rDNS names, because I can't possibly list every keyword 
in every language on the planet.  Because I don't often receive email 
from people outside the United States, I decided that filtering based on 
IP address and two-character TLD would be acceptable.  I created the 
"reject-ip-in-cc-rdns" filter for this purpose.  This decision worked 
for me based on my own email patterns and those of my users.  It 
obviously doesn't work for everyone, especially on mail servers outside 
the U.S.

To accommodate this, I expanded the "ip-in-rdns-keyword-blacklist-file" 
filter to accept domain names instead of just keywords.  If you really 
want to block connections from ".net" or ".com" simply because the rDNS 
name contains the IP address, you can list those domains in your keyword 
file like this:
    .net
    .com
You can use the same technique to selectively simulate the 
"reject-ip-in-cc-rdns" filter for only a few two-character TLDs.  To 
block all connections from ".us" or ".uk" that contain an IP address 
while allowing connections from ".de" or ".pl" that contain an IP 
address, add these entries to your keyword file:
    .us
    .uk


To answer your second question about the order the filters are run, they 
are already coded to run in order from least-expensive to 
most-expensive.  rDNS filters run before file-based filters, which run 
before DNS-based filters.  The order of execution is not configurable 
and I don't intend to change that fact (it would be a monumental task, 
not to mention very difficult to configure).  The current order is 
documented here:
    http://www.spamdyke.org/documentation/FAQ.html#FEATURE1


Lastly, because this discussion is about current features, could we move 
it to the spamdyke-users mailing list?  The spamdyke-dev list is really 
for discussions of beta versions of spamdyke.

-- Sam Clippinger

Felix Bünemann wrote:
> On 20.09.2008 at 02:23, Felix Bünemann wrote:
>
>   
>> OK, what doesn't make sense to me is as to why to differentiate
>> between .com/.net etc. and .de/.uk? If a dialup host sends spam it
>> shouldn't matter if his RDNS is .com or .de ...
>> I think most spam should be blocked by simple rules without requiring
>> RBL lookups and the latency required to do so.
>>     
>
> Which leads me to the conclusion that it should be possible to define
> the order in which the different filters are executed.
>
> Can you specify what's the current order of filter execution?
>
> -- Felix
> _______________________________________________
> spamdyke-dev mailing list
> spamdyke-dev@spamdyke.org
> http://www.spamdyke.org/mailman/listinfo/spamdyke-dev
>   
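
The keyword-file behaviour described in the message above, as an added example that is not spamdyke's code and not part of the original message. Assumptions: the octet matching is simplified, entries starting with a dot are compared against the end of the rDNS name, keywords are substring matches, and all function names, addresses and host names are constructed for illustration.

```python
import re

# Constructed keyword file: three keywords plus two domain entries.
KEYWORD_FILE = """\
dynamic
dhcp
dialup
.us
.uk
"""

def load_entries(text):
    """Return the non-empty lines of a keyword file, lowercased."""
    return [line.strip().lower() for line in text.splitlines() if line.strip()]

def ip_in_rdns(ip, rdns):
    """Assumed, simplified test: the four octets appear as consecutive
    decimal numbers in the name, in forward or reversed order."""
    octets = [int(part) for part in ip.split(".")]
    numbers = [int(n) for n in re.findall(r"\d+", rdns)]
    windows = [numbers[i:i + 4] for i in range(len(numbers) - 3)]
    return octets in windows or octets[::-1] in windows

def matching_entry(ip, rdns, entries):
    """Return the entry that causes a rejection, or None to accept."""
    name = rdns.lower().rstrip(".")
    if not ip_in_rdns(ip, name):
        return None  # a keyword or domain alone is never enough
    for entry in entries:
        if entry.startswith("."):
            if name.endswith(entry):  # domain entry: assumed suffix match
                return entry
        elif entry in name:           # keyword: substring match
            return entry
    return None

if __name__ == "__main__":
    entries = load_entries(KEYWORD_FILE)
    samples = [  # constructed addresses and rDNS names
        ("192.0.2.10", "dynamic-192-0-2-10.isp.example"),
        ("198.51.100.7", "host-198-51-100-7.provider.example.uk"),
        ("198.51.100.7", "7.100.51.198.kunde.example.de"),
        ("203.0.113.5", "mail.dynamic-widgets.example.us"),
    ]
    for ip, rdns in samples:
        print(ip, rdns, matching_entry(ip, rdns, entries) or "accept")
```

The third and fourth samples are accepted: one contains its IP address but no listed keyword or domain, the other matches a keyword and a listed domain but does not contain its IP address.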