> At any rate, I grepped the latest maillog and extracted some of the > "invalid HELO" entries, and it doesn't seem to me that using that > "dynamic" regexp may be so much effective, judge by yourself...
Ok, different spam here, or you do not enforce early helo check ! I never catch less that 100 'dynamic' helo per hour. Many would be stopped because of the numeric part: Apr-16-09 11:58:39 122.162.54.190 <[email protected]> [spam found] (forced: invalid HELO: 'ABTS-North-Dynamic-190.54.162.122.airtelbroadband.in') Apr-16-09 11:58:49 122.161.76.104 <[email protected]> [spam found] (forced: invalid HELO: 'ABTS-North-Dynamic-104.76.161.122.airtelbroadband.in') But some would skip the check and cost me an additional ptr lookup Apr-16-09 12:22:28 81.213.246.159 <[email protected]> [spam found] (forced: invalid HELO: 'dsl.dynamic81213246159.ttnet.net.tr') Apr-16-09 12:22:32 81.213.216.205 <[email protected]> [spam found] (forced: invalid HELO: 'dsl.dynamic81213216205.ttnet.net.tr') or Apr-16-09 12:27:01 118.68.65.184 <[email protected]> [spam found] (forced: invalid HELO: 'adsl-dynamic-pool-xxx.hcm.fpt.vn') Apr-16-09 12:32:05 82.58.25.152 <[email protected]> [spam found] (forced: invalid HELO: 'host152-25-dynamic.58-82-r.retail.telecomitalia.it') Apr-16-09 12:23:43 124.155.82.238 <[email protected]> [spam found] (forced: invalid HELO: 'v082238.dynamic.ppp.asahi-net.or.jp') Apr-16-09 11:55:11 83.92.146.96 <[email protected]> [spam found] (forced: invalid HELO: '0x535c9260.hinxx2.dynamic.dsl.tele.dk') That said, I removed the ddns|dns\.org$ part, because that's useless ! Thx, I just shortened my regex. What do you suggest to add ? ------------------------------------------------------------------------------ Stay on top of everything new and different, both inside and around Java (TM) technology - register by April 22, and save $200 on the JavaOne (SM) conference, June 2-5, 2009, San Francisco. 300 plus technical and hands-on sessions. Register today. Use priority code J9JMT32. http://p.sf.net/sfu/p _______________________________________________ Assp-test mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/assp-test
