You're reading the correct section. The third and fourth paragraphs describe "reject-unresolvable-rdns", which is the filter that was triggered in your example. The text doesn't actually use the term "A record", instead saying that spamdyke "attempts to get an IP address from the name". When I wrote it, I was trying to limit my use of jargon as much as possible. I guess I should rewrite it if it's so unclear.
Paragraphs five through ten describe "ip-in-rdns-keyword-file" and the last paragraph describes "reject-ip-in-cc-rdns". The two rules you're wanting are already there -- "reject-unresolvable-rdns" and "ip-in-rdns-keyword-file". The former only checks for an A record from the rDNS name. The latter checks for the IP address in the rDNS, plus a keyword from the file.

-- Sam Clippinger

Eric Shubert wrote:
> That makes sense, but it's not what I read at
> http://www.spamdyke.org/documentation/README.html#RDNS
> I don't see anything there about looking up a corresponding DNS A record.
> Is the documentation perhaps out of date? (or am I losing it?) ;)
>
> Do we perhaps need 2 parameter/rules? One for when the rDNS record does not
> contain an IP address, and another for when there is no DNS A record for the
> address that's found?
>
> Sam Clippinger wrote:
>
>> Your example was not rejected by the ip-in-rdns-keyword-file filter. It
>> was rejected by the reject-unresolvable-rdns filter because the rDNS
>> name does not resolve to an IP address (a DNS A record). In other
>> words, "ping ihsystem-65-182-166-90.pugmarks.net" will fail with
>> "unknown host".
>>
>> -- Sam Clippinger
>>
>> Eric Shubert wrote:
>>
>>> I don't understand (after having read the documentation) why the example I
>>> showed was rejected then. Please explain.
>>>
>>> Sam Clippinger wrote:
>>>
>>>> Sorry, I should have mentioned that the dots in the formats I listed can
>>>> actually be any non-alphanumeric character (dashes, underscores, etc).
>>>>
>>>> -- Sam Clippinger
>>>>
>>>> Eric Shubert wrote:
>>>>
>>>>> Sam Clippinger wrote:
>>>>>
>>>>>> spamdyke looks for the IP address in many different formats. If the IP
>>>>>> address is 11.22.33.44, it looks for:
>>>>>> 11.22.33.44
>>>>>> 011.022.033.044
>>>>>> 11.022.033.044 (new in version 4.0.0)
>>>>>> 11.22.033.044 (new in version 4.0.0)
>>>>>> 11.22.33.044 (new in version 4.0.0)
>>>>>> 44.33.22.11
>>>>>> 44.11.22.33
>>>>>> 33.22.11.44
>>>>>> 44.33.1122
>>>>>> 3344.11.22
>>>>>> 11.22.8492 (last two octets converted to long integer)
>>>>>> 11223344
>>>>>> 011022033044
>>>>>> 11022033044
>>>>>> 1122033044
>>>>>> 112233044
>>>>>> 44332211
>>>>>> 044033022011
>>>>>> 185999660 (entire IP converted to long integer)
>>>>>> 0b16212c (entire IP converted to hex digits)
>>>>>> Basically, these are all the different formats I've seen in real life.
>>>>>> As people report new ones, I add them too.
>>>>>>
>>>>> Here's another one for you Sam:
>>>>>
>>>>> 04-16 13:01:22 DENIED_RDNS_RESOLVE from: [EMAIL PROTECTED] to:
>>>>> [EMAIL PROTECTED] origin_ip: 65.182.166.90 origin_rdns:
>>>>> ihsystem-65-182-166-90.pugmarks.net auth: (unknown)
>>>>>

_______________________________________________
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users
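Added example, not part of the original thread and not spamdyke's own code: a Python sketch of the two checks discussed above, generating the IP spellings listed in the thread and showing why the logged name trips the resolve check first. The function names, the plain substring matching, the order of the checks and the caller-supplied `resolves` callback (a stand-in for an A-record lookup, so the sketch runs offline) are all assumptions.

```python
import re

SEP = "[^a-z0-9]"  # per the thread, a "dot" may be any non-alphanumeric character

def ip_spellings(ip):
    """Return the spellings of `ip` listed in the thread, in the same order."""
    a, b, c, d = (int(o) for o in ip.split("."))
    s = str
    p = lambda n: "%03d" % n  # octet zero-padded to three digits
    dotted = [
        (s(a), s(b), s(c), s(d)), (p(a), p(b), p(c), p(d)),
        (s(a), p(b), p(c), p(d)), (s(a), s(b), p(c), p(d)),
        (s(a), s(b), s(c), p(d)), (s(d), s(c), s(b), s(a)),
        (s(d), s(a), s(b), s(c)), (s(c), s(b), s(a), s(d)),
        (s(d), s(c), s(a) + s(b)), (s(c) + s(d), s(a), s(b)),
        (s(a), s(b), s(c * 256 + d)),  # last two octets as one integer
    ]
    packed = [
        s(a) + s(b) + s(c) + s(d), p(a) + p(b) + p(c) + p(d),
        s(a) + p(b) + p(c) + p(d), s(a) + s(b) + p(c) + p(d),
        s(a) + s(b) + s(c) + p(d), s(d) + s(c) + s(b) + s(a),
        p(d) + p(c) + p(b) + p(a),
        s((a << 24) | (b << 16) | (c << 8) | d),  # whole IP as one integer
        "%02x%02x%02x%02x" % (a, b, c, d),        # whole IP as hex digits
    ]
    return [".".join(t) for t in dotted] + packed

def ip_in_rdns(ip, rdns):
    """True if any spelling occurs in the rDNS name (assumed: substring match)."""
    name = rdns.lower()
    return any(re.search(SEP.join(sp.split(".")), name) for sp in ip_spellings(ip))

def triggered_filter(ip, rdns, resolves, keywords=()):
    """Name the filter that would fire; check order is assumed for illustration."""
    if not resolves(rdns):  # no A record for the rDNS name
        return "reject-unresolvable-rdns"
    if ip_in_rdns(ip, rdns) and any(k in rdns.lower() for k in keywords):
        return "ip-in-rdns-keyword-file"
    return None

if __name__ == "__main__":
    # Constructed inputs: the logged name from the thread, with stubbed lookups.
    name = "ihsystem-65-182-166-90.pugmarks.net"
    print(triggered_filter("65.182.166.90", name, resolves=lambda n: False))
    print(triggered_filter("65.182.166.90", name, lambda n: True, ["ihsystem"]))
```
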