Adam KOSA wrote:
Currently the pattern looks like this: deny hosts = \N^.*(adsl|pool)\..*$\N : \N^.*-dyn.*\..*$\N : \N^.*pool.*$\N : \N^.*[0-9]+-[0-9]+.*$\NI just stumbled on this URL which may interest you (and probably every reader here) as it lists some interesting regexes for detecting dynamic IPs.http://www.gabacho-net.jp/en/anti-spam/anti-spam-system.html#3-1
This is a good starting point, though putting this on a production system would cause an unacceptably high rate of false positives. The most significat issue in the above pattern is there is no way to draw a relationship between the IP address and the reverse domain name. The below link is a comparitive bwtween NJABL and DynaStop. The important relevance to this issue is the relationship of the IP address to the reverse domain name. http://www.exim-users.org/forums/showthread.php?t=54012 The second message in this thread is a comparitive of SpamHaus ZEN. Again the context is the relationship of the IP address to the reverse domain name. It is extrememly crucial to limit the patternistic heuristics to the IP address in question only. If you can not maintain that relationship in the analysis, you run the risk of have the whole thing run wild uncontrolably. That means a lot of lost mail.
---
DynaStop: Stopping spam one dynamic IP address at a time. http://tanaya.net/DynaStop/
pgpTHR9IPWJTC.pgp
Description: PGP signature
-- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
