Noel Jones put forth on 3/4/2010 2:51 PM: > This patch adds a "reject_rhsbl_reverse_client" function that uses the > unverified client hostname for the RBL lookup.
Cool. Thanks Noel. > The idea is that this might increase rhsbl hit rates if the hostname is > more frequently available. On the other hand, spam-only domains seem to > usually have verifiable hostnames, so I'm not sure how much this will > really help. I don't quite follow your second statement here. Isn't this patch supposed to grab the domain name from the client's rDNS name? Snowshoe spammers usually do have reverse name records for all their sending IPs, so this should work great (assuming the RHS dnsbls are listing the domains). For instance, here are 5 snowshoe ranges at a spam facilitator ISP I recently did research on. 33K+ snowshoe IPs all with rDNS names: http://www.hardwarefreak.com/eonix.rdns.txt http://www.hardwarefreak.com/eonix2.rdns.txt http://www.hardwarefreak.com/eonix3.rdns.txt http://www.hardwarefreak.com/eonix4.rdns.txt http://www.hardwarefreak.com/eonix5.rdns.txt If the Spamhaus DBL was listing all the domains in the 5 pages above, would this patch not reject connections from all these hosts? This is the goal of this patch, right? -- Stan
